Telemedicine and remote patient monitoring companies often want to maintain open communication channels with patients, whether it be scheduling, medication reminders, engagement pings, or even new product and service updates. Texting and push notifications are the current favored communication methods to engage patient-users. Digital health entrepreneurs can use these tools, but should be aware of the Telephone Consumer Protection Act (TCPA). This article shares some TCPA ideas that telemedicine and remote patient monitoring companies can consider incorporating into their software product design and user interface development.
The TCPA is a federal law that restricts telephone calls and texting to residential lines and cell phones unless the user has agreed, in writing, to receive those messages. In addition to federal fines and penalties enforcement actions from the Federal Communications Commission (FCC), private plaintiffs have filed lawsuits (including class actions) under the TCPA, and statutory damages for violations range from $500 and $1,500 per text message.
If a company that wants to send text messages to the user’s smartphone (whether marketing messages or not), best practice is to obtain the user’s “prior express written consent.” The written agreement should include a clear and conspicuous disclosure informing the user that:
- By executing the agreement, such person authorizes the seller to deliver or cause to be delivered to the signatory telemarketing calls using an automatic telephone dialing system or an artificial or prerecorded voice; and
- The person is not required to sign the agreement (directly or indirectly), or agree to enter into such an agreement as a condition of purchasing any property, goods, or services.
This user written consent can be provided electronically, provided it is recognized as a valid signature under the federal E-SIGN Act and state electronic signatures law. But there is some creatively and flexibility in product design, as the Federal Trade Commission (FTC) has allowed patient digital consent given via email, website click-sign form, texting, telephone keypress, and even voice recording.
Health Care Message Exception
There is an exception to the TCPA for health care messages. It allows health care providers to place artificial/prerecorded voice and text messages to cellphones, without the patient’s prior express consent, in order to convey important informational “health care messages.” Examples include appointment confirmations, prescription notifications, and exam reminders. But even under the “health care messages” exemption, there are restrictions (e.g., patient-users cannot be “charged” for the call or text message; no more than three messages initiated per week; content of messages must be strictly limited to allowed purposes and cannot include marketing, advertising, billing, etc.). All messaging must also comply with HIPAA privacy and security requirements and opt-out requests must be honored immediately.
Many early stage telemedicine companies (particularly direct to consumer (DTC) telemedicine companies) prefer a browser-based patient dashboard with texting, rather than developing a downloadable dedicated app. Remote patient monitoring companies, even early stage, are more likely to have downloadable apps linked to Bluetooth-enabled medical devices. For companies with a mobile app, one solution is to use push notifications instead of texting. This may avoid the TCPA’s jurisdiction altogether. Push notifications are similar to texting in that they both pop-up on the individual’s smartphone to deliver messages and/or prompt the user to take action. But because push notifications are controlled by the app user and not considered a text message or a phone call, they are not regulated by the TCPA. Apps and push notifications are still regulated by state privacy laws, and potentially (not always) HIPAA. A push notification also has the added benefit of being able to directly route the user to the mobile app so that content and information can be provided to the patient in an engaging and secure format.
Effective communication via a convenient – if not delightful – user experience platform is critical to patient-user engagement regardless of the type of telemedicine or remote patient monitoring specialty. As more patients begin to rely on their smartphone as the single source for communications, digital health companies can take some simple but important steps to comply with TCPA (and other potentially applicable laws) when developing the product design.
Want to Learn More?
- COVID-19: New Guidance on the Emergency Purpose Exception to the Telephone Consumer Protection Act
- Leaks, Lakes, and Loot: What’s the Big Deal about Data? A podcast interview with Ian ONeill of Welltok
- Sharing and Mining Patient Data in Digital Health and Telemedicine: Laws You Need to Know
For more information on telemedicine, telehealth, virtual care, remote patient monitoring, digital health, and other health innovations, including the team, publications, and representative experience, visit Foley’s Telemedicine & Digital Health Industry Team.