The deluge of robocalls directed at hospitals has caused chaos in the health care industry over the last few years by overwhelming communications networks with fraudulent and disruptive robocalls, many of which are so-called spoofing calls designed to extract financial or insurance information about patients or hospital workers. Recognizing that these robocalls were creating a clear and present danger to patient and staff privacy and posing a threat to public safety, Congress directed the FCC to establish the Hospital Robocall Protection Group (HRPG) in the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act of 2019 (TRACED Act). The HRPG issued a report in December 2020 recommending voluntary best practices for hospitals and other health care facilities to minimize the impact of these unlawful robocalls. On June 11, 2021, the FCC published its assessment of HRPG’s recommended best practices and endorsing their voluntary adoption as an effective strategy for minimizing the havoc these unwanted calls can cause.
The FCC recommends that hospitals educate clinicians and staff to identify unlawful robocalls, thereby minimizing the risk that those calls can interfere with patient care and hospital operations. The FCC is also encouraging hospitals to create a robocall incident response plan and increase their robocall blocking and labeling offerings from their phone providers. Acknowledging that voluntary adoption of the best practices requires a coordinated approach by hospitals, voice service providers, and federal and state law enforcement agencies, the FCC further recommends improved communication between law enforcement and hospitals to maximize law enforcement’s chance of identifying the source of the robocalls.
Tasked to determine the best means of facilitating adoption of these best practices, the FCC determined that education of, and outreach to, hospitals are the preferred avenues. The FCC guidance suggests that the American Hospital Association, the American Society for Health Care Risk Management, the College of Healthcare Information Management Executives, and other organizations focused on hospital risk management and security are best positioned to provide outreach and training to hospitals. The FCC’s guidance suggests that these organizations take “primary responsibility” for developing educational materials and providing outreach to their constituencies on the best practices for addressing illegal robocalls.
Nixon Peabody’s Cybersecurity & Privacy Team will continue to monitor the FCC’s efforts to combat illegal robocalls in the health care industry.