Telephone Consumer Protection Act (TCPA) White Paper for Patient Account Communications

Prepared by:

Nick Whisler and Josh Stevens

Mac Murray & Shuster LLP

6525 West Campus Oval, Suite 210

New Albany, Ohio 43054 

I.               INTRODUCTION[1]

Calls and text messages offer healthcare providers a great opportunity to communicate with patients for billing, servicing and related purposes.  These communications must, however, comply with the Telephone Consumer Protection Act (TCPA),[2] including its automatic telephone dialing system (ATDS) restrictions.[3]  Although the strictest requirements are reserved for telemarketing communications, the TCPA requires prior express consent (express consent) to send invoicing, payment reminder and account servicing messages (collectively “account communications") using an ATDS.[4] 

II.              DISCUSSION

A.    What is an ATDS?

            The TCPA defines ATDS as "equipment which has the capacity— (A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers."[5]  This definition has caused significant disagreement and confusion regarding the types of devices that qualify as an ATDS.  In a 2015 Order, the Federal Communications Commission (“FCC”) adopted a very broad interpretation of ATDS; however, the D.C. Circuit struck down that interpretation in 2018.[6]  Courts continue to disagree about the functionality needed to be an ATDS[7] and how human intervention—particularly with regard to text platforms—factors into the ATDS analysis.[8]  Although PatientPay has an argument that its platform is not an ATDS because it cannot randomly or sequentially generate phone numbers, the safest course of action is to limit calls and texts to patients who consented to receive such communications.[9]

B.    What Constitutes Express Consent?

The TCPA does not define express consent.  In 1992, the FCC held that “persons who knowingly release their phone numbers have in effect given their invitation or permission to be called at the number which they have given, absent instructions to the contrary.”[10]  The FCC reiterated this holding in a 2008 Declaratory Ruling related to debt collection calls (“the provision of a cell phone number to a creditor, e.g. as part of a credit application, reasonably evidences prior express consent by the cell phone subscriber to be contacted at that number regarding the debt.”)[11] and again in its 2015 Order.[12]  Calls must be within the scope of consent, which means they should relate to the general purpose(s) for which the person provided his/her phone number.[13]  The FCC has also held that callers may obtain express consent through an intermediary[14] and consent extends to third parties calling (or texting) on behalf of the entity that has consent.[15]

            Courts have similarly held that express consent extends to third parties calling on behalf of healthcare providers.  For example, in Mais v. Gulf Coast Collection Bureau, Inc., the Eleventh Circuit held that a collector can rely on the express consent a patient’s wife provided to a healthcare provider.[16]  The court noted that Mais’ wife received the hospital’s Notice of Privacy Practices, which disclosed that it may use and disclose health information to bill and collect payment.[17]  Although Mais argued that “health information” did not include his cell phone number, the court disagreed pointing out that the admission form containing the number was part of the record of his visit and, therefore, part of his “health information.”[18]

Similarly, in Fober v. Mgmt. & Tech. Consultants, LLC, the Ninth Circuit held that a third party calling to conduct customer satisfaction surveys (a non-marketing communication) for the benefit of a doctors’ group could rely on express consent conveyed to the doctors’ group.[19]  The court emphasized that the very act of turning over one’s phone number demonstrates a willingness to be called for purposes that relate to the reason the person provided their phone number in the first place.[20]  The patient enrollment form indicated that the doctors’ group could disclose her information for “quality improvement” and customer service surveys to assist with improving quality.[21]  Relating specifically to the fact the calls were made by a third party, the court opined “when Plaintiff authorized Health Net to disclose her phone number for certain purposes, she necessarily authorized someone other than Health Net to make calls for those purposes.”[22]  In short, by providing her phone number on an enrollment form, the patient gave express consent for communications permitted under the healthcare provider’s privacy notice, including communications from a third party on the provider’s behalf.[23]

These cases demonstrate that a healthcare provider has express consent to call and text patients for any purpose expressly or implicitly contemplated by its Notice of Privacy Practices or other enrollment forms.  Even if a patient did not receive a Notice of Privacy Practices, or the Notice does not cover account communications, FCC guidance demonstrates that the provider has express consent for such communications (which are necessarily related to the purpose(s) for which the patient provides his/her number) unless the patient provides “instructions to the contrary”.    

C.     Revocation of Consent

            Patients may revoke their consent by any reasonable means.[24]  Additionally, businesses may not take steps to abridge a patient’s right to revoke consent, such as requiring the patient to send a fax or use some other specific method to revoke consent.[25]  Limits do exist as to what is reasonable and, as articulated by the D.C. Circuit in ACA Int’l, “[i]f recipients are afforded [clearly-defined and easy-to-use] options, any effort to sidestep the available methods in favor of idiosyncratic or imaginative revocation requests might well be seen as unreasonable.”[26]  Healthcare providers must honor and keep records of consent revocations, whether provided by the patient directly to the provider or to one of its service providers.  If a healthcare provider uses one or more service providers to send communications on its behalf, it must implement a process to facilitate the two-way communication of patient’s consent revocations.  This allows the healthcare provider to consolidate revocations into a single “opt-out” list and gives proper notice to the service provider(s) to suppress calls and/or texts to applicable numbers.

D.    Using PatientPay for Account Servicing Communications

            PatientPay provides an automated patient communication platform that facilitates account communications.  As a full-service payment platform, PatientPay also facilitates remittance of payments by patients.  Like in Mais, PatientPay’s communications are intended to address billing and payment matters associated with the patient’s account and only require express consent.  Further, as in Mais and Fober, PatientPay may communicate on the healthcare provider’s behalf and rely upon the provider’s express consent with the patient.  If the provider’s Notice of Privacy Practices informs the patient that his/her health information or personal information may be disclosed for billing, payment or similar purposes, the provider has express consent for account communications (unless the patient revoked the consent).  Even without clear disclosure in the Notice of Privacy Practices, a healthcare provider and PatientPay likely have express consent for account communications, which are necessarily related to the purposes for which the patient provided his/her phone number to the provider. 

            Each healthcare provider must keep a consolidated list of patients that revoke consent for autodialed calls and texts.  The provider should not give a phone number to PatientPay if it is on the “opt-out” list.  Additionally, the provider should notify PatientPay whenever it receives a consent revocation directly from the patient of through another vendor.  This will allow PatientPay to suppress calls and texts to that number.  PatientPay accepts and honors consent revocations (e.g. patients that reply “STOP” to a text message or request not to be called again) and has procedures in place to communicate these revocations back to the healthcare provider.

III.            CONCLUSION

Although the TCPA requires express consent to use an ATDS for informational calls/texts to patients’ cell phones, healthcare providers likely have consent to send account communications to patients unless those patients revoked consent to be contacted.  Third party service providers, like PatientPay, may rely upon the healthcare provider’s express consent to communicate with the patient.  As with any compliance issue, each healthcare provider should consult with its legal counsel to evaluate the policies and procedures it has in place to collect/document express consent and to process/honor revocations of consent.

[1] This white paper provides general information regarding a topic area and does not constitute legal advice.  Please consult your own attorney for legal advice.

[2] 47 U.S.C. § 227, implementing regulations at 47 C.F.R. § 64.1200.

[3] 47 U.S.C. § 227(b)(1)(iii). See also, Satterfield v. Simon & Schuster, Inc., 569 F.3d 946, 951-952 (9th Cir. Cal. 2009) (citing In re Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, Report and Order, 18 FCC Rcd. 14014, 14115 (July 3, 2003) (articulating that text messages are calls under the TCPA).

[4] Compare 47 C.F.R. § 64.1200(a)(2) (requiring “prior express written consent” for telemarketing communications) with 47 C.F.R. § 64.1200(a)(1) (requiring “prior express consent” for informational and other non-marketing communications).

[5] 47 U.S.C. § 227(a)(1).

[6] In re Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, Declaratory Ruling and Order, CG Docket No. 02-278, WC Docket No. 07-135, FCC 15-72 (July 10, 2015) (“2015 Order”); ACA Int’l v. FCC, 885 F.3d 687, 697 (D.C. Cir. March 16, 2018) (“If a device’s capacity includes functions that could be added through app downloads and software additions, and if smartphone apps can introduce ATDS functionality into the device, it follows that all smartphones, under the Commission’s approach, meet the statutory definition of an autodialer. [. . .] If every smartphone qualifies as an ATDS, the statute’s restrictions on autodialer calls assume an eye-popping sweep.”).  

[7] Compare Pinkus v. Sirius XM Radio, Inc., 2018 U.S. Dist. LEXIS 125043 (device must be capable of generating and dialing random or sequential numbers) with Marks v. Crunch San Diego, LLC, 904 F.3d 1042, 1052 (9th Cir. Sept. 20, 2018) (device is an ATDS if it can automatically dial numbers from a list).

[8] Compare Jenkins v. mGage, LLC, 2016 U.S. Dist. LEXIS 106769 and Duran v. La Boom Disco, Inc., 2019 U.S. Dist. LEXIS 30012 (holding that text platforms do not meet the definition of ATDS because a human must select the phone numbers, type or select the message and schedule the batches of texts for delivery) with Blow v. Bijora, Inc., 855 F.3d 793 (7th Cir. May 4, 2017) (district court prematurely granted summary judgment in case involving text platform that requires human intervention to load and schedule texts but lacks human intervention when the scheduled texts are actually sent).

[9] The FCC, under new leadership, solicited comments on the ATDS definition in the wake of ACA Int’l.  We anticipate the FCC will issue a new ATDS interpretation in 2019; however, interested parties will likely seek judicial review of the FCC’s new interpretation on grounds that it is too narrow or too broad, as applicable.

[10] In re Rules Implementing the Telephone Consumer Protection Act of 1991, Report and Order, 7 FCC Rcd. 8752, 8769 at ¶ 31 (“1992 Order”).

[11] In re Rules Implementing the Telephone Consumer Protection Act of 1991, Declaratory Ruling, 23 FCC Rcd. 559, 564 (adopted Dec. 28, 2007; released Jan. 4, 2008) (citing a House of Representatives report stating that “the restriction on calls to emergency lines, pagers, and the like does not apply when the called party has provided the telephone number of such a line to the caller for use in normal business communications.”).

[12] 2015 Order at ¶ 141.

[13] Id.

[14] In the Matter of GroupMe, Inc./Skype Commc’ns S.A.R.L. Petition for Expedited Declaratory Ruling, Rules & Regulations Implementing the Tel. Consumer Protection Act of 1991, Declaratory Ruling, 29 FCC Rcd. 3442, 3444 (Mar. 27, 2014) (“[T]he TCPA does not prohibit a caller . . . from obtaining the consumer’s prior express consent through an intermediary[.]”).

[15] 2015 Order at ¶ 141.

[16] Mais v. Gulf Coast Collection Bureau, Inc., 768 F.3d 1110, 1125 (11th Cir. Sept. 29, 2014).

[17] Id. at 1124. (“We have little doubt that by signing the admission forms Mais’ wife agreed to allow the Hospital to transmit his health information to Florida United so it could bill him for services rendered.”).

[18] Id. at 1125.

[19] Fober v. Mgmt. & Tech. Consultants, LLC, 886 F.3d 789 (9th Cir. Mar. 29, 2018)

[20] Id. at 792-793.

[21] Id. at 793.

[22] Id. at 794 (emphasis in original).

[23] See also, Baisden v. Credit Adjustments, Inc., 813 F.3d 338, 346 (6th Cir. Feb. 12, 2016) (“The FCC’s rulings in this area make no distinction between directly providing one’s cell phone number to a creditor and taking steps to make that number available through other methods, like consenting to disclose that number to other entities for certain purposes.”) (emphasis in original).

[24] 2015 Order ¶ 55.

[25] 2015 Order ¶ 64.

[26] ACA Int’l v. FCC, 885 F.3d at 710.