Outcome Health has agreed to settle a class action lawsuit for $2.9 million for alleged violations of the Telephone Consumer Protection Act (TCPA) arising from the transmission of automated text messages to users who had expressly opted out of receiving such messages. The TCPA prohibits, among other things, the making of certain calls, including SMS text messages, or using an auto-dialer or an artificial or prerecorded voice to a wireless telephone number without prior express consent.
Outcome Health, formerly ContextMedia Inc., provides interactive digital devices to physician offices and hospital systems that are intended to educate patients through viewing videos, photos and other materials. In this case, the lead plaintiff watched a program playing in the waiting room of a doctor's office and opted in to receiving automated text messages containing nutrition tips. According to the complaint, after receiving several text messages, the plaintiff decided she no longer wanted to receive these messages so she replied "STOP" as requested by the text messages for those individuals wishing to opt out. Despite her numerous attempts to revoke consent, she continued to receive the text messages. Under the TCPA, consumers are permitted to revoke prior express consent to receive text messages and the opt-out can be done in writing such as through a responsive text message. In this case, the plaintiff asserts that her reply of "STOP" to a text message should have been sufficient to cease further communications. Outcome Health denies that it violated the TCPA but has agreed to settle the claims to avoid the cost of continued litigation.
Outcome Health also agreed as part of the settlement to withdraw a petition it filed with the Federal Communications Commission. The petition sought clarification on whether an unknowable technical error is protected from liability under the TCPA. In the petition, Outcome Health asserted that an unknown and inadvertent technical error caused the improper processing of unsubscribe requests in connection with its health-related text messaging. Outcome Health agreed to withdraw this petition.
Baker Donelson Comments
TCPA authorizes damages of $500 per violation that can be trebled to $1,500 for willful or knowing violations under the statute's private right of action. Monetary damage awards can be significant as there is no maximum cap on liability. The cost of TCPA actions and settlements can be exorbitant and damaging to the reputation of a company. Providers should review their communication policies, specifically related to text messaging, to ensure that appropriate procedures are in place for obtaining proper consent to send text messages and for safeguarding against ongoing communications to patients who have revoked consent via opt-out mechanisms. It is also important for providers to assess the HIPAA implications of communicating with patients via SMS text message platforms which are not secured by encryption. Transmitting PHI via unsecure methods could be viewed as impermissible under HIPAA unless the patients are advised of the security risks and they consent anyway. Therefore, including a notice regarding security of text messages may be advisable.
Obtaining proper consent for text messaging should also be obtained as part of a provider's obligations under the Health Insurance Portability and Accountability Act (HIPAA). Under HIPAA, all providers should have proper privacy and security measures in place if they wish to send text messages to patients. Providers should remind patients of the privacy issues involved and that privacy is not guaranteed if they are messaging on an unsecure platform because there may be a risk that the information could be viewed by an unintended third party.