Refill Reminders and the TCPA
The Telephone Consumer Protection Act (“TCPA”) presents another challenge as health care providers continue to engage patients and seek to meet Meaningful Use reminder objectives. Over the past year, there have been several class action suits alleging pharmacies’ prescription refill reminders violated TCPA. One federal trial court recently opined that if the plaintiff provided his cell phone number only for verification purposes, that provision of the cell number cannot be equated to consent to receive automated refill reminders on his cell phone.
The TCPA generally prohibits automated calls or prerecorded messages to cell phones, except with the prior express consent of the called party (or for emergency purposes), and prohibits prerecorded calls to residential landlines without prior express consent, except under certain exceptions created by the Federal Communications Commission (“FCC”). In addition, under rules adopted by the FCC implementing the TCPA, prior express written consent is required for prerecorded marketing calls. The FCC’s TCPA rules also require prerecorded sales calls permissibly placed pursuant to prior express consent to offer an automated opt-out mechanism allowing those who are called to revoke their previously provided consent. The TCPA authorizes the FCC to assess fines of up to $16,000 per violation, and allows private rights of action with $500 in statutory damages for violations, which can be trebled in the case of willful conduct. Recent class action suits have yielded multi-million dollar settlements for alleged TCPA violations.
The TCPA rules include two regulatory exceptions for health care messages, provided they are made by HIPAA covered entities or business associates, though the FCC has provided no meaningful guidance on what constitutes a “health care message.” The first exception applies broadly to health care messages made to residential lines, such that the FCC’s prior express written consent requirement does not apply to HIPAA-covered prerecorded calls (though the automated opt-out requirement still applies if the calls are for advertising or telemarketing).
The FCC regulations do not provide the same broad exception for health care messages made to cell phones, however. For a health care message made to cell phones, the FCC appears to limit this exception to the “prior express written consent” required for advertising/telemarketing prerecorded calls. Prerecorded health care messages to cell phones for non-marketing purposes, however, remain subject to a prior express consent requirement.
Under HIPAA, many marketing calls will require a HIPAA-compliant authorization. However, refill reminders about a drug or biologic that is currently prescribed for an individual are exempt, if the financial remuneration the covered entity receives for making the communication is reasonably related to the covered entity’s costs of making the communication. HIPAA also includes more limited marketing exceptions for communications for certain treatment or health care operations purposes where the covered entity does not receives financial remuneration for making the communication.
In two recent cases, the plaintiffs both alleged that they began receiving “robocalls” on their cell phones reminding them to refill prescriptions or containing other marketing messages from pharmacies they had not used in years. In at least one of those cases, the court indicated it would not find implied consent where the statute requires express consent, and stated that “[c]onsent for one purpose does not equate to consent for all purposes.”
The line between marketing and non-marketing calls can be tricky, particularly in the health care context, where providers routinely recommend products and services to patients. The recent cases in this area highlight the importance of the distinction between marketing and non-marketing communications. While on the one hand, health care messages that constitute marketing communications may fall within a TCPA exception, those messages may require a HIPAA-compliant authorization.
Health care providers need to understand the context in which they obtain patient phone numbers, particularly cell phone numbers. For health care providers who intend, or foreseeably could decide in the future, to make automated calls (including to meet the Meaningful Use patient reminder objective), intake forms should be reviewed to ensure consent is obtained under TCPA. Where current intake forms will not suffice as consent under TCPA, providers should ensure these numbers are not used for automated calls, unless they fall within the marketing-health care messages exception – which may raise HIPAA issues, and require compliance with the FCC’s automated opt-out rule.
Even with proper consent at the time the number is obtained, there remains a risk that the number could be transferred to a new person or that the consenting individual provides someone else’s phone number and, thus, the call is received by someone who has not provided consented, arguably, in violation of the TCPA.