Healthcare is a thoroughly regulated industry, for good reason. Responsible providers and stakeholders pay close attention to those regulations, whether they relate to medical procedures, patient privacy, or other important operations. But there is one realm of regulatory oversight that sometimes is forgotten by the healthcare industry: telemarketing regulations.
While it may seem trivial compared to other regulations and responsibilities, the healthcare industry is subject to telemarketing regulations such as the Telephone Consumer Protection Act (TCPA). There are special TCPA exemptions for the healthcare industry, but they are not absolute. TCPA lawsuits and class actions have affected the healthcare industry and will continue to do so if stakeholders do not heed the marketing compliance rules.
Telephone Consumer Protection Act
The TCPA is the bedrock of federal telemarketing regulations. It includes such provisions as calling time restrictions (8am – 9pm, recipient’s local time) and identification requirements (the caller must provide their name, the name of the company on whose behalf they are calling, and a telephone number or address which can be used to contact them again). As far as preventing litigation, two provisions in particular are notable.
The TCPA restricts the use of automatic telephone dialing systems (ATDS) to make marketing calls and texts to cell phones and other devices where the recipient might be charged for the call without written consent, and non- marketing autodialed calls without prior express consent.
The distinction between these two consent standards is important for healthcare-related calls, which can often be informational in nature and are subject to certain exemptions detailed later in this guide.
Additionally, the TCPA does not allow the use of an artificial or prerecorded voice to be used to call a residential landline or wireless number for marketing purposes without prior express written consent.
Marketers are required to suppress phone numbers on the National Do Not Call (DNC) Registry. Callers are also required to maintain an internal DNC list of consumers who asked not to be called or texted. Multiple states also have DNC list requirements, with 12 states maintaining their own, unique DNC lists. However, these restrictions only relate to healthcare-related calls that can be construed as marketing calls.
There are specific exemptions to the TCPA and the Telemarketing Sales Rule (TSR) for healthcare-related calls. These exemptions have largely been spelled out over time in rulemaking by the Federal Trade Commission (FTC) and Federal Communications Commission (FCC).
2012 FCC Rulemaking on HIPAA Calls
In a 2012 Report and Order, the FCC clarified certain TCPA exemptions for healthcare calls. Working from TSR rule making by the FTC in 2008, the FCC exempted healthcare calls from the TCPA’s prior express written consent rules if they are covered by the Health Insurance Portability and Accountability Act (HIPAA). Instead, these calls are subject to the less stringent standard of prior express consent, due to HIPAA’s standards of privacy and written authorization for the use of the individual’s private health information. It also created an exemption from the TCPA’s “consent, identification, time-of-day, opt-out, and abandoned call requirements [for] all prerecorded health care-related calls to residential lines that are subject to HIPAA.”
2015 Exigent Purposes Exemption
In 2015, the FCC created another exemption for healthcare calls. It exempted callers from all consent requirements for calls relating to specified exigent healthcare purposes. The FCC consciously limited this exemption to specific categories of calls, however, and explicitly did not include “telemarketing, solicitation, or advertising content” or calls made for “accounting, billing, debt-collection, or other financial” purposes.
Affirmation and Addenda
Both the 2012 and 2015 exemptions were affirmed by the FCC in a 2020 response to a petition from Anthem requesting that the FCC adopt a blanket exemption for healthcare calls. The FCC rejected this petition and confirmed that there is no “broad exemption for health- care-related calls.”
The TRACED Act, passed at the end of 2019, introduced new limits for prerecorded calls made under the 2012 HIPAA exemption. Callers were now only allowed to make these calls once per day and up to three times per week. Previously, there had been no limit on the calls.
In March of 2020, the initial wave of the COVID-19 pandemic forced the FCC to make use of another TCPA exemption that affected healthcare calls. The FCC issued a Declaratory Ruling to invoke the “emergency purposes” exemption, waiving the TCPA’s restrictions on “automated calls to wireless numbers made necessary by incidents of imminent danger including ‘health risks’ affecting health and safety.” The exemption was only applied to calls made by hospitals, health care providers, state and local health officials, and other government officials.
The TRACED Act also included measures to help further the implementation of STIR/SHAKEN and other means of blocking prerecorded calls. This is an issue for healthcare providers who attempt to deliver important health- related messages to patients and consumers. These new, technological solutions to block unwanted robocalls could very easily block wanted calls from entities such as healthcare providers.
The TCPA is a strict liability statute and consent is associated with the called party, not the phone number. As a result, reassigned numbers are a source of TCPA risk for all marketing calls. But for healthcare-related calls, there are additional issues relating to patient privacy. Healthcare institutions making HIPAA-related calls to numbers that have since been reassigned risk both losing their TCPA exemptions and facing potentially serious consequences for violating HIPAA.
Much of the TCPA healthcare exemptions rest on the distinction between informational calls and marketing calls. However, some healthcare entities may find themselves making calls that combine both approaches into a single, dual-purpose call. For example, a pharmacy might make a call that reminds a patient to pick up a prescription while also mentioning some other products or services that the pharmacy has available. This sort of dual purpose call is considered marketing and any healthcare entities that engage in these sorts of calls should maintain the standards of consent for marketing calls.
It is a common practice for healthcare providers to outsource collections to third-party debt collectors. If these third-party agents violate the TCPA, the organizations that hire them can be found vicariously liable for any resulting damages. Examples of possible violations include the third-party agents calling consumers without the proper consent, making calls or texts using an automatic telephone dialing system or prerecorded voice, and not honoring opt-out requests.
When an organization doesn’t supervise the strategies that debt collectors use to conduct their campaigns, the risk of possible violations occurring can be enormous. TCPA violations incurred by independent agents acting on behalf of a healthcare provider will draw that healthcare provider into any related lawsuits.
Check for Reassigned Numbers
With approximately 100,000 mobile phone numbers reassigned by wireless carriers every day, it is absolutely essential to check your data for reassigned numbers. Phone numbers may change, but the risk of TCPA liability is inevitable.
Get a Third-Party Compliance Provider
When you’re in a high-risk category like healthcare, it is not enough to just have legal counsel. It is critical to have a TCPA compliance provider on your side. You will save money and headaches and prevent brand damage.
Keep Track of Your Exemptions
The healthcare industry relies on a number of exemptions in order to contact consumers and patients with important medical information. But these exemptions are not broadly applied. They exist for specific circumstances and have necessary requirements in order to be utilized.
Know You’re Calling the Right Party
Verify your consent with the called party by confirming their current contact information.