From the mHealthNews archive

Avoid this little-known but costly HIPAA trap

By Eric Wicklund

Healthcare providers who call patients or send automated calls or text messages may be running afoul of federal law.

The law in question, the Telephone Consumer Protection Act (TCPA), was enacted in the 1990s to protect consumers against unwanted automated calls sent to residences or cellphones. The Federal Communications Commission recently established an exemption for healthcare messages that are regulated through HIPAA.

The problem? According to Christine Reilly, co-chair of the TCPA Compliance and Class Action Defense group at the law firm of Manatt, Phelps & Philips, HIPAA doesn't specifically define a "healthcare message."

"There really is not a lot there about those requirements," she told mHealth News. "It is not exactly a model of clarity."

The TCPA, Reilly says, was designed primarily to eliminate unwanted solicitations, and gave birth to the more-well-known Do Not Call Registry in 2003. But how does that translate to a healthcare message that may or may not be selling the provider's services – such as reminders for screenings or appointments, prescription refills and general health and wellness information?

"Those are a little bit more hybrid," Reilly said. "TCPA might consider it marketing, but with a healthcare message it likely falls under HIPAA."

Healthcare providers risk falling into the "TCPA trap," Reilly says, if they enable these types of messages without examining the legal implications. And those are costly – fines of between $500 and $1,500 per message.

Reilly, who will be presenting a webinar in July 30 on the TCPA, suggests healthcare providers check with legal counsel on whether their messaging protocols conform to TCPA or fall under HIPAA.

"Providers want to know what, in fact, qualifies as a healthcare message and what qualifies as an exemption," Reilly says. "A lot of the questions we're getting are about how this works in practical terms."

Related articles: 

Clarifying the HIPAA confusion: Think beyond texting

Debunking the most common myths about HIPAA

What is protected health information?