Follow the Rules When Phoning Patients

Update: Prior to April 1, 2021, the Federal Communications Commission and some jurisdictions had defined an “automatic telephone dialing system” very broadly, to include a device capable of autodialing phone numbers, a definition so broad and vague that it could include most cell phones. Indeed, only rotary phones appeared to fall outside of it. On April 1, 2021, the U.S. Supreme Court decided, in Facebook, Inc. v. Duiguid et al., that to qualify as an “automatic telephone dialing system” under the TCPA, a device must have the capacity either to store a phone number using a random or sequential number generator, or to produce a telephone number using a random or sequential number generator. The ADA had urged the Federal Communications Commission to adopt this more narrow definition in comments filed with the agency on June 26, 2018. While this U.S. Supreme Court decision could make it easier for dental practices to select devices that are not “autodialers,” it does not eliminate the risk of a TCPA violation. This resource has been revised based on the U.S. Supreme Court decision.

Does your dental practice call or text patients? You might need to get their prior written consent and take certain other steps in order to avoid liability and penalties under federal laws such as the Federal Communications Commission's (FCC) regulation, titled the Telephone Consumer Protection Act (“TCPA”). These laws are an attempt to address the problem of unwanted telemarketing communications, but may result in situations where traditional methods of contacting patients run afoul of the rules.

Below are some suggestions and a sample consent form to help you. The rules themselves are complicated and depend on a lot of things, like what the message is, whether you’re calling a wireless or a landline phone, and whether you’re using an automated or prerecorded voice or equipment that has the capacity either to store a phone number using a random or sequential number generator, or to produce a phone number using a random or sequential number generator. And there is a small carve-out for practices covered by HIPAA (See section III below). Your state may also have laws that apply to phone calls and texts, and state law can be even more stringent than the federal law.

Dental practices are among the businesses that have already been sued for violating these laws. The TCPA lets individuals sue for up to $1,500 for every phone call or text that violates the law. That can add up fast. Civil penalties of up to $16,000 per violation can be imposed for violations of the Telephone Sales Rule (“TSR”), a federal law that applies to phone calls and texts with a marketing or advertising message.

Here are some ways to help stay on the safe side.

  • If you call or text patients with health care and collections messages, but not marketing or advertising messages

The following steps may help you reduce legal risk under the TCPA[1] if you make calls or send texts containing only information related to health care (such as an appointment reminders) and information about payment, accounts or collections, but not marketing or advertising, whether you are calling a wireless or landline number, and whether or not you use prerecorded voice messages or your equipment is an “autodialer” (i.e., has the capacity either to store a phone number using a random or sequential number generator, or to produce a telephone number using a random or sequential number generator):

  1. Ask patients to sign a consent form before you make a phone call or send a text. See the sample consent form below.
  2. Frequently ask patients to verify that the contact information on their consent forms is up to date. If a patient gets a new cell phone number and the old number is reassigned, calling the old number more than once can violate the law.
  3. Train your staff never to call or text a number that they believe has been reassigned. “Warning signs” can include reaching a person who is not the patient, getting a “wrong number,” or getting a voice mail that doesn’t give the patient’s name. If this happens, your staff can reach out to the patient by another means (such as U.S. mail or an email, if permissible) to ask whether they have a new phone number.
  4. If a patient revokes consent to call or text, stop calling/texting the number immediately. Patients can revoke consent by any reasonable means, orally or in writing – you can’t require them to use any particular method. Train your staff to be alert to revocations and to record them promptly. For example, a patient might say: “Please don’t send me any more texts” or “Don’t call me at that number anymore.”
  5. Train staff to promptly and accurately record any change of phone number – for example, if a patient says: “I’ve got a new cell phone number,” or “Let me change my phone number in your records.”
  • If your dental practice also calls or texts marketing and advertising messages

Dentists may not think of themselves as “telemarketers,” but if you or a vendor on your behalf calls or texts messages to induce someone to purchase goods or services, you may need to comply with federal (and possibly state) laws for telemarketers. These laws are too complicated to summarize here, but you may be familiar with the Telephone Sales Rule (“TSR”), which established the national “Do-Not-Call” registry. In fact, you may have added your own name to the Do-Not-Call Registry to prevent unwanted telemarketing calls.

If the TSR applies, you (or your vendor) must check the Do-Not-Call registry before making the communication, check your dental practice’s own “do-not-call” list of persons who have asked you not to call again, and take a number of other steps.

Some exceptions apply to the TSR, including an exception for calling individuals with whom you have an “established business relationship,” which means individuals you have done business with in the past 18 months and individuals who have submitted in inquiry or application to you in the past 3 months, unless the individual has asked you not to call again. Note that an “established business relationship” may not mean the same thing as a “patient of record” because the timeframes may not be the same.

If you hire a company to make calls for you, both you and the company are responsible for compliance, and are potentially liable for any violations. A dental practice that wishes to hire a company to make phone calls would be prudent to include in the contract a requirement that the company comply with all applicable laws, including the dental practice’s obligations under the Telephone Sales Rule, Telephone Consumer Protection Act, and similar state and local laws, and that the company indemnify the dental practice for any liability arising from the company’s failure to do so. These provisions could go in the “Business Associate Agreement” if your practice is covered by HIPAA. A company that calls patients on your behalf is likely to be your “business associate” if your dental practice is covered by HIPAA.

For more information about the TSR, visit the Federal Trade Commission Complying with the Telemarketing Sales Rule and the National Do Not Call Registry. More information about federal rules that apply to advertising is available at the Business Center | Federal Trade Commission.

Whether or not there is an established business relationship, the TCPA may also come into play if you send marketing or advertising messages via phone call or text, and you would need to get specific prior written consent (so you would need to add additional permissions to the consent form).

  • If you’re covered by HIPAA and you call and text only health care messages to patients

If your dental practice is covered by HIPAA, you do not need to get prior written consent before sending a “health care” message[2] to a patient, even if you call or text the patient’s cell phone using telephone equipment capable of autodialing or using an automated or prerecorded voice, as long as you meet the following requirements:

  • The message is limited to a healthcare treatment purpose: appointment and exam reminders and confirmations, wellness checkups, hospital pre-registration instructions, pre-operative instructions, lab results, post-discharge follow-up intended to prevent readmission, prescription notifications, and home healthcare instructions.
  • The message does not contain marketing, solicitation, advertising, accounting, billing, debt-collection, or other financial content.
  • The call or text is sent only to the wireless number provided by the patient.
  • The call or text states the name and contact information of the dental practice (for voice calls, this information must be at the beginning of the call).
  • The call or text complies with the HIPAA Privacy Rule.
  • The call is concise (generally under one minute). Texts must generally be under 160 characters.
  • The dental practice initiates only one message per day (whether by call or text), and no more than three calls or texts per week.
  • Each message includes an easy way to opt out of future such messages,[3] and your dental practice honors opt-out requests immediately.
  • The call is not charged to the recipient (for example, there are no charges based on the number of voice minutes or number of text messages).


These laws are aimed at helping consumers control the calls and texts they receive. However, the laws are complex, perhaps overbroad, and their penalties are severe, making compliance a challenge. The ADA attempts to monitor these laws on the federal level, and intends to continue to keep members apprised of changes. Careful attention to compliance can help give patients more control over their wireless and landline phones, enhance the dentist-patient relationship, and help protect dental practices from potential liability.

Download the sample consent form for your practice

[1] This article only deals with the TCPA. You may have additional obligations under other laws as well, such as HIPAA, the Fair Debt Collection Practices Act, or similar state laws.

[2] HIPAA defines “health care” to mean: care, services, or supplies related to the health of an individual. Health care includes, but is not limited to, the following: (1) Preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counseling, service, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual or that affects the structure or function of the body; and (2) Sale or dispensing of a drug, device, equipment, or other item in accordance with a prescription.

[3] (a) Voice calls that could be answered by a live person must include an automated, interactive voice- and/or key press-activated opt-out mechanism that enables the call recipient to make an opt-out request prior to terminating the call. (b). Voice calls that could be answered by an answering machine or voice mail service must include a toll free number that the consumer can call to opt out of future healthcare calls. (3) Text messages must inform recipients of the ability to opt out by replying “STOP.”