A federal trial court docket has interpreted the Phone Shopper Safety Act (TCPA) to permit a person to pursue TCPA claims towards a HIPAA-regulated well being plan that left 20 plan-related voicemail messages over a span of 11 months. The person alleged that the well being plan violated the TCPA in two methods: by calling a telephone quantity that he had listed with the Nationwide Do Not Name (NDNC) registry, and by leaving 4 prerecorded voicemails with out acquiring the person’s prior categorical consent. The person claimed that he had not had any prior dealings with the well being plan, and the calls have been meant for another person. The well being plan contended that the NDNC registry didn’t prohibit its calls as a result of they solely offered details about the well being plan and weren’t solicitations—they didn’t point out or encourage the acquisition of property, items, or providers. And the well being plan additional asserted that the prerecorded messages needs to be thought-about “well being care messages” that, as a HIPAA lined entity or enterprise affiliate, the plan might depart with out the person’s prior categorical consent.
The court docket rejected each defenses. The court docket disagreed with the well being plan’s characterization of the requires functions of the NDNC declare as informational solely, reasoning that calls which can be informational on their face could also be a part of a broader advertising technique and, consequently, a pretext for solicitation. Noting the massive quantity of calls and the truth that the person would have needed to converse with a well being plan consultant to assert the free providers, the court docket held that the person had adequately alleged that the “informational” calls have been pretextual. Addressing the prerecorded messages, the court docket dominated that the TCPA exception applies solely when a well being care message is a part of a name that features an commercial or constitutes telemarketing. If a name is informational solely, then the exception for well being care messages doesn’t apply, and the requirement for “prior categorical consent” is controlling. As a result of the well being plan had not obtained the claimant’s categorical consent earlier than sending these prerecorded informational messages, the claimant had adequately acknowledged a declare beneath the TCPA. The court docket defined that categorizing the prerecorded calls as informational was according to its NDNC holding that the calls might be solicitations for the reason that basis of the pretext doctrine is that facially informational calls could also be a part of a broader solicitation or promoting scheme. The court docket famous that the well being plan might develop proof on the aim of the calls in additional proceedings.
EBIA Remark: This case highlights the significance of understanding the broad array of privateness legal guidelines—aside from HIPAA—that will restrict the power of well being plans and their enterprise associates to make use of and disclose PHI. A use or disclosure of PHI that’s permitted by HIPAA should still run afoul of different legal guidelines. For extra info, see EBIA’s HIPAA Portability, Privateness & Safety guide at Part XXXIV.J (“Phone Shopper Safety Act of 1991”). You might also be desirous about our webinar “HIPAA Breaches: Preparation and Response” (recorded on 1/26/22).
Contributing Editors: EBIA Workers.
