Text Messages in Health Care:

Similar documents
FCC PROVIDES ADDITIONAL CLARITY ABOUT RULES UNDER THE TELEPHONE CONSUMER PROTECTION ACT

How To Get A Phone Call From A Telemarketing Company

Can I Text My Customer? Recent FCC Rulings Under the TCPA. Jonathan Thessin, Senior Counsel American Bankers Association

Wrong Number: Hot Topics In TCPA Compliance & Litigation

The Telephone Consumer Protection Act (TCPA) Protecting the public and your company

On the Line Consenting To A New Way Of Lead Generation Under The TCPA

HIPAA and TCPA Intersection: Navigating Healthcare Call Exemption, Landline/Cell Phone Distinction, Scope of Consent

DISCLAIMER. Two important things to note: Thanks for your Cooperation!

Health Care Entities Get Clarity from FCC on Telephone Communications

Telephone Consumer Protection Act for Nonprofits

Consent to Call? Internet Leads and the Telephone Consumer Protection Act. Whitepaper

Telephone Consumer Protections Act (TCPA)

The Telephone Consumer Protection Act: Compliance Developments and What to Expect in 2015

New TCPA Order Holds Few Bright Spots For Businesses

TCPA AND WIRELESS MARKETING AT THE FCC, THE FTC, AND IN THE COURTS. William B. Baker Wiley Rein LLP September 19, 2014 San Jose

Maybe You Can t Hear Me Now: Autodialer Restrictions

Advanced Media and Technology Law

This TEPL Data Protection Policy is effective from 2 July Updated on 31 Jul 2015

2nd Annual Venable Advertising Law Symposium. Minding Your TCPAs. Ellen Traupman Berge, Venable LLP Venable LLP

Continue reading to better understand the rules as they apply to automobile dealerships in the United States.

Telemarketing, , and Text Message Marketing: Tips to Avoid Lawsuits

TCPA. The Telephone Consumer Protection Act (47 U.S.C. 227), regulations promulgated at 47 CFR Jackson Lewis P.C.

The Telemarketing Sales Rule. Related Items. Sign Up for the Do Not Call Registry. PreviousNext. Robocalls. National Do Not Call Registry

Updated as of 05/15/13-1 -

UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF NORTH CAROLINA CHARLOTTE DIVISION. Case No. :

HITECH Privacy, Security, Enforcement, Breach & GINA The Final Omnibus Rule Frequently Asked Questions and Answers

Calling All Cell Phones With Express Permission. June 24 th, 2014

Telephone Consumer Protection Act - Current Issues

Update on TCPA Requirements for Text Messages and Best Practices

WHAT YOU NEED TO KNOW BEFORE TEXT MESSAGING YOUR CUSTOMERS. Business Considerations for Implementing Mobile Communications

Mobile Marketing Regulatory Compliance Lurking Dangers and Cautionary Tales. Andrew Lorentz Ronnie London Ken Payson

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C COMMENTS OF THE ALLIANCE FOR TELECOMMUNICATIONS INDUSTRY SOLUTIONS

Suggested National Do-Not-Call Registry Policy

and Text Message Campaigns. Justine Young Gottshall Partner, InfoLawGroup

Before the Federal Communications Commission Washington, D.C ) ) ) ) NOTICE OF PROPOSED RULEMAKING

Keweenaw Holistic Family Medicine Patient Registration Form

Before the Federal Communications Commission Washington, D.C ) ) ) ) ) ) ) DECLARATORY RULING

Client Update FCC Both Eases and Tightens TCPA Rules

Is your injury work related? Yes No Is your injury auto accident related? Yes No If so, when was the Date Of Injury:

The Telephone Consumer Protection (TCPA): Consumer Protection Controlled Business Mayhem

FEDERAL TELEMARKETING AND OUTBOUND CALLING COMPLIANCE GUIDE. October 2013

* * * * * No member or person associated with a member shall initiate any outbound

Evolution of HB 300. HIPAA passed in 1996 Originally, HIPAA only directly impacted certain covered entities :

April 28, Marlene Dortch Secretary Federal Communications Commission th Street, SW Washington DC 20554

4.203 Opt-Out Information Procedure

The Telephone Consumer Protection Act

NOTICE OF PRIVACY PRACTICES

Recent Developments in TCPA Litigation. April 5, 2013 Aaron Van Oort Eileen Hunter Erin Hoffman

FCC s Amendments to the Telephone Consumer Protection Act ( TCPA )

Guidance on Canada s Anti-Spam Legislation (CASL) for REALTOR Members

Technology and IP Forum Back to School Marketing Primer Marketing Through Technology, What is Allowed and What Isn t?

COMPLIANT MEDICARE. Does It Exist? Is It Scalable? FOR. Monday, March 30, March 30 - April 1, Mandalay Bay Convention Center Las Vegas, NV

Direct Edge Regulatory Notice #12-03: Telemarketing Rules - Effective June 29, 2012

Physician s Practice Organization D/b/a Doctors Park Family Medicine Patient Information Brochure. To Our Patients

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, DC 20554

ANALYZING THE FCC S OPEN JUNE 18 MEETING:

Novo Nordisk Patient Assistance Program P.O. Box Louisville, KY Fax:

Ready, Set, Text! Best Practices for. Texting Compliantly. Wednesday, May 4, 2016 Riverwalk South

Patient Information Form Trinity Wellness Center. Insurance Information

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY

University of California Policy

NOTICE OF PRIVACY PRACTICES TEMPLATE. Sections highlighted in yellow are optional sections, depending on if applicable

MEMORANDUM. Express Consent Requirement for Delivery of Recorded Messages

Senate. File No Approved by the Legislative Commissioner May 3, 2014

How To Prevent A Telephone Solicitation In North Dakota

SAMPLE CLAUSES FOR OBTAINING AND WITHDRAWING CONSENT 08 MAY 2015

Complying with the revised TCPA Law pertaining to fax transmissions

SMS Marketing Guidelines and Examples

Brain & Spine Center of Texas, L.L.P. Dallas Minimally Invasive Spine

North Carolina Medicaid Special Bulletin

NOTICE OF PRIVACY PRACTICES

Welcome Information. Registration: All patients must complete a patient information form before seeing their provider.

Enroll in Interconnect

Telephone Consumer Protection Act (TCPA) Guide for Contact Centers

NOTICE OF THE NATHAN ADELSON HOSPICE PRIVACY PRACTICES

HIPAA & Colorado Workers Compensation

Revisiting TCPA: Staying Compliant While Addressing the Challenges and Complexities. Wednesday, March 26, 9:00 9:40am Mirage Hotel, Las Vegas, NV

Clinic 1407 South 4 th St 1850 Gateway Dr Suite A DeKalb, IL Sycamore, IL 60178

CARDMEMBER AGREEMENT AND DISCLOSURE STATEMENT

SMS MARKETING BLUEPRINT

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, DC 20554

THE WORLD OF PEDIATRICS. Medical Records/Health Information Release (Please fill out and fax or send to your current practice or pediatrician)

Neustar Insights Whitepaper. Understanding TCPA: Maximizing Consumer Outreach & Mitigating Risk

Biennial Report to Congress

Patient Financial Policies

2016 OCR AUDIT E-BOOK

Ensuring HIPAA Compliance When Transmitting PHI via Patient Portals, and Texting

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF SOUTH CAROLINA. Plaintiff 2:14-cv-2081-RMG. Case No. vs. CLASS ACTION COMPLAINT

Best practices for improving consumer data quality

Health Insurance Portability and Accountability Policy 1.8.4

Student Recruitment, Third-Party Vendors, and the Federal Trade Commission

MOBILE MARKETING BEST PRACTICES

HIPAA Policies and Procedures

Kaiser Permanente Affiliate Link Provider Web Site Application

Marketing: CAN- SPAM Act Compliance

Welcome to Crozer-Keystone Health Network Primary Care

PATIENT REGISTRATION FORM

Reproductive Medicine Associates of New Jersey, LLC

Appendix : Business Associate Agreement

Harris County - Texas HIPAA Notice of Privacy Practices

Transcription:

Text Messages in Health Care: There s More to it Than HIPAA Laura Asbury Senior Director Wal-Mart Privacy Office Elizabeth Johnson Partner, Privacy and Data Security These materials have been prepared for informational purposes only and are not legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. 2016 Wyrick Robbins LLP. All rights reserved. 1 2009 Poyner Spruill LLP. All rights reserved.

How the Heck Does that Happen? Telephone Consumer Protection Act Limits text messages and robocalls delivered by autodialer (regardless of content) Consent standards Requirements pertaining to marketing messages Do-Not-Call Registry Time-of-Day Limits Suppression In-Call Opt Out for Robocalls Policies Training Why the Settlement? + 2 2009 Poyner Spruill LLP. All rights reserved.

= Big Settlements Capital One $75M Jiffy Lube $35-47M AT&T $45M HSBC $40M Bank of America $32M Papa John s $16M Lifetime Fitness $10-15M Gallup $12M Walgreen $11M Steve Madden $10M Discover $8.7M Kaiser Permanente $5.4M Presentation Format and Assumptions Format Present five health-care-based hypotheticals Demonstrate compliance concerns that arise for each Suggest strategies to address Assumptions All messages sent through an automatic telephone dialing system ( autodialer ) Text message and pre-recorded, auto-dialed calls are considered interchangeably Focus will be primarily on compliance with Telephone Consumer Protection Act ( TCPA ) 3 2009 Poyner Spruill LLP. All rights reserved.

Hypotheticals Each hypothetical has a major lesson to impart: 1. No marketing, no problem 2. Not-so-broad: TCPA s exemption for HIPAA messages 3. Vetting new programs: it s not all about HIPAA or consent 4. Beyond health care messages: payment due 5. Beyond patient messages: employee communications Hypo #1 No marketing, no problem (right??) A pharmacy wants to start a refill reminder program. Since it has telephone numbers for most of its patients, the pharmacy decides to implement a text reminder that will be delivered a few days before the current fill is due to run out. 4 2009 Poyner Spruill LLP. All rights reserved.

Marketing What is it? Refill reminders are not marketing for HIPAA purposes If currently prescribed, and If any financial remuneration received in exchange is reasonably related cost of the communication Same analysis for: Treatment (e.g., recommend alternate treatments or care settings) Case management/care coordination Health care product or service covered by benefits plan Generic equivalents Recently lapsed prescription (90 calendar days) Adherence communications Marketing under TCPA The initiation of a telephone call or message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services FCC 2003 Report and Order (discussing dual purpose calls): [S]uch messages may inquire about a customer s satisfaction with a product already purchased, but are motivated in part by the desire to sell ultimately additional goods or services. [R]egardless of the customer service element to the call [i]f the call is intended to offer property, goods, or services for sale either during the call, or in the future that call is an advertisement. Ninth Circuit: Recorded messages regarding a customer loyalty program are telemarketing messages Courts and FCC conduct a fact-based analysis of caller s intent Calls/texts need not include advertisements to be deemed telemarketing 5 2009 Poyner Spruill LLP. All rights reserved.

But marketing is not the only risk TCPA requires consent for any text or robocall to a mobile phone VERY limited exceptions coming in next hypothetical Consent can be withdrawn by any reasonable means Consent standard lower for: Informational messages (non-marketing) Health care messages Getting Consent Context Matters Kolinek provided cell number to Walgreens pharmacist who told him that his number was needed for potential identity verification purposes Court dismissed, relying on 1992 FCC order stating persons who knowingly release their phone numbers have in effect given their invitation... to be called. Court later reconsidered and reinstated case, relying on 2012 FCC order 6 2009 Poyner Spruill LLP. All rights reserved.

Hypo #2 TCPA s not-so-broad HIPAA exemption A patient checks into Hospital ABC for a routine, outpatient procedure. In the days leading up to the surgery, the patient completes certain paperwork which includes a blank for phone number. The patient fills in her cell phone number. On the day before the surgery, for the convenience of the patient, Hospital ABC sends the patient a text message reminding her of the scheduled time to arrive at the hospital and certain other important pre-surgery reminders. Generalized TCPA Requirements** HIPAA exception Autodialers/ Robocalls Prior express written consent req d for telemarketing msgs to: Text to wireless Robocall to wireless Robocall to residential line Prior express consent req d for informational texts or robocalls to wireless lines EBR exception Federal Do-Not-Call Requirements Time-of-day restrictions Federal do-not-call registry Maintain policies/ training to limit exposure ** Fax requirements excluded Organization Suppression Internal suppression process Policies and training Maintain list 7 2009 Poyner Spruill LLP. All rights reserved.

Did the Hospital obtain proper consent to send the text message? The TCPA does not include a broad HIPAA exemption Instead, TCPA allows a lower consent standard if delivering a healthcare message as defined under HIPAA Messages to a cell phone require prior express consent Messages to a residential phone number does not require consent Was the content of the text message a health care message under HIPAA? Health care message not well defined Treatment communications under HIPAA within scope of health care message Marketing defined differently under HIPAA and TCPA Is there an exception for delivering messages to a cell phone without prior express consent? Yes, for certain urgent healthcare messages, if specific requirements are met: 1. Only sent to wireless telephone number provided by the patient 2. State the name and contact information of the healthcare provider 3. Content of message limited to specific topics 4. Must be one minute or less in length or 160 characters or less 5. Initiate only one message per day (whether by voice call or text message), up to a maximum of three messages combined per week from a specific healthcare provider 6. Must offer recipients within each message an easy means to opt out of future such messages, 7. Healthcare provider must honor the opt-out requests immediately. 8. Message must be free to the end user 8 2009 Poyner Spruill LLP. All rights reserved.

Hypo #3 Vetting new programs As the Compliance Officer for your health care institution, you meet periodically with the IT department to discuss compliance-related technology needs. During a recent meeting, a developer mentioned a new text message program scheduled to launch next week. The program will send text messages to patients who delivered a baby in the last 60 days with reminders about well-baby care. The messages are sponsored by a local baby store and include coupons. The developer was very excited about this great new way to engage Millennial moms (a term he borrowed from the marketing department). Building a relationship now could help ensure they keep visiting your institution for life. How will the program manage the patient s communication preferences? How will the program obtain proper consent from the called party? Prior express written consent is required before sending the message because message includes an advertisement HIPAA Authorization likely required because of use of PHI for marketing purposes Is the patient offered a way to opt-out of future messages? The patient must be provided a way to revoke consent and halt future messages Opt-out must be processed as quickly as possible How is the record of consent or opt-out maintained? The EMR or other system must maintain a record of each action by the patient to opt-in and opt-out of the program. Record should include a time and date stamp of each action 9 2009 Poyner Spruill LLP. All rights reserved.

What does your Text Message Compliance Program look like? Does the organization have procedures on how to implement a text message program? At a minimum, procedures should include standards on: obtaining consent, offering opt-outs, permissible and required content in messages, times of day messages can be delivered, and how to retain records How has training been provided to key areas on text message compliance requirements? Provide detailed training to departments most likely to develop text and auto-dialed call programs General awareness communication to entire organization Does the organization have a method to audit & monitor programs? Inventory of all programs Periodically review programs against policies and procedures, with a focus on highest risk requirements Will a vendor be used to send the text message? Vendors are commonly used to implement text message programs Vendors operate auto-dialing equipment used to send the message Key considerations when vetting a vendor: Vendor s level of understanding federal and state legal requirements Contract should state which entity is executing different TCPA compliance requirements Indemnification expectations State licensure requirements Set expectation within organization as to which vendors may be used 10 2009 Poyner Spruill LLP. All rights reserved.

Hypo #4 Beyond HIPAA: Payment Due Upon visiting a physician s practice for treatment, a patient fills out new patient forms and provides her cell phone number in a box provided for contact information. She also completes a separate form acknowledging her responsibility to pay for her care and signs it. She does not pay for her care, and the account becomes delinquent. The physician s office refers the matter to a collections specialist, which delivers payment reminder robocalls to the cell phone number in the new patient paperwork. 11 2009 Poyner Spruill LLP. All rights reserved.

Consent for Debt Collection Prior express consent Phone number given as a contact point will be okay for debt collection if the phone number was given in context of transaction that gave rise to debt FCC 2008 Favorable Example: Chavez v. Advantage Group Chavez seeks care at Parkview Medical Center; provides cell phone number during admission process Fails to pay bill; Parkview assigns debt to Advantage Advantage uses autodialer to repeatedly call Caves re: bill Chavez sues, but court finds consent based on disclosure of phone number Consent for Debt Collection Risks Distinction between express consent or implied consent? Mais decision Number reassignment Opt out Recommendations Context matters (number must be disclosed in context of transaction from which debt arose) Be explicit (arguably not required) Writing not required, but highly recommended 12 2009 Poyner Spruill LLP. All rights reserved.

Hypo #5 Beyond HIPAA: Employee Communication Hospital XYZ operates in a cold climate that has frequent snow storms during the winter making roads difficult to travel. During these months it can be difficult to ensure proper nursing coverage. In an effort to communicate more effectively with the nursing staff about the scheduled shifts and available open shifts, the hospital plans to start using text messages to communicate with the nursing staff. How will the program manage the employee s communication preferences? Does the program obtain proper consent from the nurse before delivering the text? The TCPA requires prior express consent when delivering an informational message to a called party No exception for messaging employees Will the program offer an ability to opt-out of future messages? The nurse (e.g., called party ) must be able to revoke his/her prior consent Will the messages be received on a hospital-owned phone or the nurse s personal phone? Prior consent can be obtained from the current subscriber 13 2009 Poyner Spruill LLP. All rights reserved.

Is alternative communication channel available? Could the same content be delivered through a push to app notification or an email? TCPA only applies to text message or auto-dialed calls. App notifications and emails are outside scope of the TCPA. Wrapping It All Up Key Takeaways Balance practical considerations and legal risk in execution Know the level of consent required, but consider burden of proof Ensure proper opt out channels are available; vet for reasonableness Implement rule requirement, but be aware of FCC commentary and court interpretations Contract posture as a tool for compliance and risk mitigation Communication, procedures and training are critical elements of your text message compliance program 14 2009 Poyner Spruill LLP. All rights reserved.

Wrapping It All Up Risks to Consider Math problem (no fault, lots of messages = big money) Mistakes (fat fingering, opt out fail) Misunderstandings (customer does not understand they agreed) Number reassignment Vendors Questions? Laura Asbury Senior Director Wal-Mart Privacy Office laura.asbury@walmart.com Elizabeth Johnson Partner, Privacy and Data Security Wyrick Robbins ejohnson@wyrick.com 15 2009 Poyner Spruill LLP. All rights reserved.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information