Can Texting Get a Healthcare Provider in Trouble?

Article by Ron Hedges. This article was originally published on the Journal of AHIMA  on March 27, 2018 and is republished here with permission.

Can texting get a healthcare provider in trouble? The answer to that question, like many other legal ones, is “it depends.” A recent decision, Latner v. Mt. Sinai Health System, Inc., No. 17-99-cv (2d Cir. Jan. 9, 2018), provides a cautionary tale for healthcare providers that utilize text messages to reach patients.

In 2003, a patient went to a facility owned by a healthcare provider for a routine health examination. He filled out a “New Patient health form” that contained his contact information and an “Ambulatory Patient Notification Record” that gave consent to the provider to use his health information for “payment, treatment and hospital operations purposes.” In 2011, the provider contracted with a third-party to send “mass messages… including transmitting flu shot reminder texts” for the facility that the patient had visited. Later, the patient returned to the facility and declined immunization. In 2014, the patient received a text message from the facility that reminded him that it was flu season and asked the patient to call and schedule an appointment for an immunization. (Texts were sent out to all active patients of the facility who had visited it in the three years prior to the dates of the texts).

Thereafter, the patient filed a complaint in a United States district court, alleging that the facility’s 2014 text violated the Telephone Consumer Protection Act (the Act), which “makes it unlawful to send texts or place calls to cell phones through automated telephone dialing systems, except under certain exemptions or with consent.” Prior express written consent is a defense to liability under the Act. However, that consent need not be in writing if, as here, the text “delivers a ‘health care’ message made by, or on behalf of, a ‘covered entity’ or its ‘business associate,’ as those are defined in the HIPAA Privacy Rule,” according to a regulation implementing the Act.

The district court dismissed the complaint, reasoning that the 2014 text was a healthcare message as defined above. On appeal, the Second Circuit Court of Appeals noted that that reasoning was incomplete because the district court had not gone on to decide whether the plaintiff had given his prior express consent to receive the text. The appellate court then undertook that analysis:

“we affirm the District Court’s judgment on the grounds that, considering ‘the facts of the situation,’ the text message did indeed fall within ‘the scope of [Latner’s prior express] consent.’ …. Latner provided his cell phone number when he first visited in WPMG [the facility] in 2003. He also signed a consent form acknowledging receipt of various privacy notices. … In signing this form, Latner agreed that Mt. Sinai [the health care provider] could share his information for ‘treatment’ purposes, and the privacy notices stated that WPMG could use Latner’s information ‘to recommend possible treatment alternatives or health-related benefits and services. … Considering the circumstances, we hold that Latner provided his prior express consent to receiving a single text message about a ‘health-related benefit[]’ that might have been of interest to him.”

What might the Latner case teach? Setting aside any concerns that might arise under HIPAA’s Privacy Rule, Latneris a reminder that there are additional statutory and regulatory requirements that might govern communications between healthcare providers (or their business associates) and patients. These requirements need to be identified and encompassed within information governance policies and procedures so that, among other things, patients can provide appropriate consent for receipt of electronic communications.

**Editor’s Note: The views expressed in this column are those of the author alone and should not be interpreted otherwise or as legal advice.