New consent rules for contacting patients on mobile phones

Q: A member of my staff attended a conference where she was told that my practice has to make some changes to comply with federal regulations when we telephone patients about appointments, tests, and other information. Can you explain?

A: The Telephone Consumer Protection Act of 1991 (TCPA), which is enforced by the Federal Communications Commission (FCC), bans many telephone calls and text messages that are sent to a mobile phone using an automatic dialing system (ATDS) as defined in the TCPA. The recipient must previously have given consent to receive the message or the message must have been sent for an emergency reason.

Prior to October 16, 2013, when the ban took effect, consent could be inferred by an existing relationship between the sender and the recipient. In this case, the practice and the patient.

‘Unambiguous consent’

The FCC now requires prior written, unambiguous consent from the individual receiving calls from an ATDS. Calls that include text messages, pagers, or other mobile devices are included in this ruling. However, there is an exemption to the TCPA requirement for calls made as appointment reminders or that are intended to communicate healthcare-related information governed by the Health Information Portability and Accountability Act (HIPAA).

But the exemption applies to calls made to a patient’s residential line, not his or her cell phone.

Specific HIPAA guidance

HIPAA states:  “A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations:

• to the individual (unless required for access or accounting of disclosures);

• treatment, payment, and healthcare operations;

• opportunity to agree or object;

• incident to or otherwise permitted use and disclosure;

• public interest and benefit activities; and

• limited data set for purposes of research, public health or health care operations."

It is important to remember that the patient must give authorization as to whom the information is being relayed.

HIPAA guidelines are very specific on this matter. It applies to information relayed on mobile devices, pagers, and cell phones.

The importance of documentation

There should be some documentation that the patient provided prior consent for messages sent to a cell phone, pager, or other wireless device.

For the medical practice, this consent should be completed by the patient with other intake forms. If the consent is oral, perhaps for a new patient, to receive appointment reminders and health-related calls on his or her cell phone, the date the consent was given and a signature or initial of the individual who obtained the consent should appear in the patient’s medical record.

Avoiding liability

As of October 16, 2013, any messages sent to a cell phone, pager or other wireless device must do the following to avoid liability:

• identify the company (practice) to whom consent is being given;

• include the patient’s cell phone number;

• clearly disclose that the patient is authorizing the practice to engage in services and that calls may me made with an ATDS

• disclose that the practice is not required to provide consent as a condition of being a patient; and

• inform the patient that he or she may revoke his or her authorization to receive further calls or messages at any time. Such revocation does not have to be in writing.

All of this must comply with the HIPAA guidelines.

Here is an example of a form to obtain patient approval for such calls: “I consent to receive calls from (medical practice) for my protected healthcare and other services at the phone number(s) above, including my wireless number provided. I understand I may be charged for such calls by my wireless carrier and that such calls may be generated by an automated dialing system.”