Capital One Asks the FCC To Make It Easier For You to Communicate With its Very Polite Texting Robot: Here’s Why That’s a Good Thing

Here’s a case of an old law interfering with new and advanced technology.

Imagine you’re a major bank employing a super-intelligent texting robot that can answer literally every question a customer might have in virtual real-time. Sounds pretty cool right?

While you might be worried this ultra-sophisticated AI system will gain consciousness and attempt to wipe out life on Earth, you’re probably not concerned about it violating a 30-year-old telecommunications law.  Well, you should be, and one major bank is concerned enough about it to take the issue to the Federal Communications Commission.

[article_ad]

In a petition filed last week by Capital One, the banking giant asks the FCC to allow its AI texting robot—“ENO”—to ask a clarifying question to consumers who previously agreed to receive such texts, but now say “stop.” Since ENO is a one-stop-shop for customer information it is capable of sending all sorts of messages—from fraud and balance alert reminders to information about when a branch might be closed. While ENO is always supposed to be even-keeled and excessively polite—more on that below—humans can be mercurial. So while they might ask for information in one instance, they may desire some, but not other, information to stop the next. Capital One would like ENO to be able to clarify what—exactly—the consumer would like stopped.

Here’s the problem: The TCPA does not permit texts to be sent using an ATDS without consent. While it is certainly open for debate whether the acts of a synthetic being like ENO qualify as ATDS usage in the first place, Plaintiffs’ lawyers will surely argue that the consumer has revoked consent for ENO to send any messages after the “stop” is received. So if ENO responds with words to the effect of “what type of messages would you like me to stop?” Capital One might get sued for that.

No seriously.

So in an abundance of caution, Capital One filed a petition to the FCC seeking to clarify that ENO permitted to send at least one more text clarifying the scope of the revocation–essentially clarifying that the scope of consent provided by the consumer in the first instance includes the right to send a post-revocation (i.e., post “stop”) text message seeking to clarify the “stop” message.

The petition provides the following exemplar conversation, which shows how this works, and which is also quite entertaining:

Notice that the consumer specifically asked for information from ENO, which it faithfully provided. Instead of being thankful to ENO for doing his bidding, the consumer reprimands ENO with a “stop it.”  That’s not very nice.

But look at the subtle way ENO claps back—it asks if it should stop “only low balance” texts. Wait a second, who said anything about my balance being low? Then when the consumer confirms the limited scope of his instruction ENO doubles down: “I’ll no longer send you texts about your low balance.” This is pretty funny if you read even the slightest bit of sarcasm into the exchange.

It will be interesting to see if ENO has any deep learning capacity. If so, we can expect to see exchanges that look a lot more like this in the near future:

(I made this up for fun—not a real exchange with ENO, of course.)

Joking aside, the point of the exemplar is to demonstrate that the consumer will be empowered to dictate whether ENO leaves him/her alone forever, or merely ceases with a certain specific set of texts.

The petition has important potential consequences for numerous businesses that communicate with consumers over text messages for multiple purposes. As the Capital One petition notes, folks sign up for ENO by supplying their number and specifically selecting a number of topics about which the consumer wants to hear from ENO. It only makes sense, therefore, that ENO be permitted to determine which of these various topics the consumer wants to opt-out of.

Similarly, many businesses share information with consumers via text message- from appointment updates, service request follow-ups, reminders that documents are needed to complete transactions, receipts of transactions, balance reminders, etc.  Empowering consumers to determine the scope of their “stop” request– right over their phone and via the same text string in which they first requested the “stop”—seems like a win for everybody. The consumer can clarify precisely what he or she meant and stop texts that are unwanted while keeping texts that are desirable. The business, on the other hand, will not lose an opportunity to engage with consumers in a desirable way based upon an overly-conservative approach to dealing with consumer “stop” requests employed to avoid the TCPA litigation risk that hangs over everyone’s head these days.

So what do you think TCPAWorld? Initial comments on the petition are due December 9, 2019, and we’re always happy to help you to have your voice heard. Petition here: Capital One Petition for Declaratory Ruling – Nov 1 2019

Editor’s note: This article is provided through a partnership between insideARM and Squire Patton Boggs LLP, which provides a steady stream of timely, insightful and entertaining takes on TCPAWorld.com of the ever-evolving, never-a-dull-moment Telephone Consumer Protection Act. Squire Patton Boggs LLP—and all insideARM articles—are protected by copyright. All rights are reserved. 

Capital One Asks the FCC To Make It Easier For You to Communicate With its Very Polite Texting Robot: Here’s Why That’s a Good Thing
http://www.insidearm.com/news/00045693-capital-one-asks-fcc-make-it-easier-you-c/
http://www.insidearm.com/news/rss/
News

All the latest in collections news updates, analysis, and guidance

SWC Group welcomes Derek Cox as Vice President of Operations

Carrollton, TX — SWC Group is proud to announce that Derek Cox has joined our team as Vice President of Operations. Derek has over 13 years of domestic and international industry experience with a stellar track record for providing exceptional customer service while exceeding client’s performance expectations. His background in designing and implementing advanced strategies based on analytics and his involvement with using the latest technology to enhance performance are aligned with SWC Group’s mission to provide solutions based on value, integrity, and performance.  SWC Group is experiencing record growth and Derek’s dedication to building a productive and loyal team who are committed to compliance and high performance complements the goals and culture of our company. 

“We are thrilled to welcome Dereck to our executive team at the SWC Group. His commitment to excellence and integrity is a perfect match for our winning culture and will certainly serve to reinforce the value and quality provided to our clients over the past 45 years,” says Jeff Hurt, CEO.

“I am thrilled for the opportunity to partner with the hardworking talent at SWC and lead our company through our next phase of growth.”, says Derek Cox.  “I am impressed with SWC’s clear vision, advanced strategies and technology, and motivated workforce and I’m looking forward to continuing to raise our company to a heightened level of excellence in 2020 and beyond.” 

[article_ad]

About SWC Group, L.P.

Founded in 1974 and celebrating 45 years in business, SWC Group is a national provider of accounts receivable management services and consumer service solutions.  Their results-oriented, first-party, pre-collect and third-party collections services result in dramatic increases in revenue, greater efficiencies, reduced operating costs and increased customer satisfaction for our clients.  For more information, please contact Kevin Bennick, VP of Business Development, at (972) 300-1750 or email him at KBennick@swcgroup.com.

SWC Group welcomes Derek Cox as Vice President of Operations
http://www.insidearm.com/news/00045694-swc-group-welcomes-derek-cox-vice-preside/
http://www.insidearm.com/news/rss/
News

All the latest in collections news updates, analysis, and guidance

If You are Not Already Operating in the Cloud, You are Missing the Revolution

This article, authored by Amy Kennedy and Dan Womack of Ontario Systems, is part of an ongoing Think Differently series, launched in October 2019. Written by members of the iA Innovation Council, the series showcases thought leadership in analytics, communications, payments, and compliance technology for the accounts receivable management industry.

A game-changing innovation in technology is well underway, and most of us aren’t even noticing.  It started out as news, then became background noise, and now it’s such a quiet hum that most of us don’t hear it.

This quiet revolution is the move from the physical to the virtual; in a word, it’s cloud. It’s the move from physical servers with an operating system to virtual servers (think VMware), to containers (think Docker). It’s the move from buying CPUs to leasing them by the second in someone else’s data center (think AWS EC2). It’s the move from buying software, to paying for access to that software (think Office365). It’s the move from owning a PC to having a login to a virtual desktop (think Amazon Workspaces).

In the beginning of this transformation, moving computing activities and data to “the cloud” was a choice. Careful IT leaders—especially in collection agencies and other businesses entrusted with the care of their clients’ data—weighed the risks and benefits of such a move, and many stayed put in their established data centers with servers they could hug.

Since then, computing and storage in the cloud has become the default, and there’s no going back. Dave Bartolutti, VP and Principal Analyst at Forrester, reports that nearly 60% of North American enterprises now rely on public cloud platforms—five times the percentage from just five years ago (Forbes, December 2018).

Even in the financial services arena, 22% of applications are being run in the cloud now. Fintech leaders responding to an informal survey at a recent Bloomberg conference said they expect that more than 80% will be in the cloud by 2022 (Bloomberg, August 2019).

As Concerns Fade, Progress Accelerates

So why isn’t everyone already completely there, with all things in the cloud? Well, the common concerns that keep many of us out of the cloud relate to security, costs, and control.

For a long time, the perceived distance to the cloud presented security and privacy concerns. We are now seeing that generally, data in the cloud is much more secure (guarded by best practices, the latest technology, and superior processes) than data residing in data centers. Creditors used to discourage or forbid agencies from moving their data to the cloud; now, many creditors embrace the cloud.

Let’s be frank. While proponents tout the cloud as a cost-savings option, it may or may not be less expensive for you. That equation depends entirely on the complexity and sophistication of your premise infrastructure and environment. If you have your mission-critical business application running on a second-hand laptop with a consumer-grade router and modem combo, moving to the cloud will almost certainly be more expensive.

However, if you are investing in your infrastructure sufficiently to be competitive, secure, compliant, reliable, scalable, and highly available, a move to the cloud will very likely be a boon to your bottom line—and may offer the additional benefit of moving costs from capital expenses to operating expenses.

Moving to the cloud isn’t a single activity; it’s a progression, a direction, a strategy. When you consider the landscape of all the activities and data you deal with, you may find that you are further along the continuum to operating in the cloud than you think.

Microsoft is herding its email and MSOffice customers to the cloud; Google’s customers are already there. CompTIA reported in May 2018 that 73% of all enterprises use email hosted in the cloud. Given all the cloud-based applications that facilitate business productivity, collaboration, business analytics, financial management, CRM, human resources, expense management, help desk, call centers, and more, much of your operation may already be in the cloud (CompTIA, May 2018).

Many businesses in the ARM space use cloud-based services in their system of solutions, whether these services take the form of payroll, data improvement, or CRM. For example, hundreds of our own customers rely on our cloud every day for their entire collections platform or one of its major components.

High-Value Benefits You Need to Compete

Storing your data files in the cloud gives you access to scalable, cheap, and secure storage from anywhere on the planet. Since business and IT leaders are also individual consumers, you’ve probably stored business data files in the cloud (even if only to work on that report at home in the evening).

Two of the largest and most frequently overlooked benefits of moving to the cloud are faster innovation and the ability to pull services from different creators (suppliers, publishers, providers) together (i.e., multi-cloud). Interoperability between systems and functions allows for a shorter invention to utilization cycle. For example, if Outlook365 releases an analytics feature, I can begin using it right away. I don’t need IT to upgrade me, I don’t need to put it in next year’s budget, and I don’t need to integrate it to my other premise software. It just runs, and I immediately see the benefit of it.

A third major benefit of moving to the cloud is ease of assimilation of artificial intelligence-based technologies. AI assimilation requires massive data, the volume of which cannot be practically managed in house. As AI is increasingly used to improve consumer communications and strategies, cloud computing becomes inevitable.

How can you move to the cloud while maintaining your track record of success in caring for your customers’ data and outcomes?

  • Partner with the right people who enjoy solid reputations and provide trusted services, and craft a cloud strategy of your own (Cloud Academy, September 2019).
  • Educate yourself on certifications and other attributes that signal safety—SOC 2 Type II or ISO 9001, PCI, HIPAA, NIST, FISMA, etc.
  • As cloud adoption enters maturity, companies are realizing that the hurdles are organizational and not technical (CompTIA, May 2018). Be sure to update your own security and regulatory compliance practices to include working in the cloud.
  • Consider what your actual goals are. They will determine if Infrastructure as a Service (IaaS), Software as a Service (SaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS), Managed Services, or even Blank as a Service (not an actual thing) is right for you.

Why is the cloud one of the most important innovations to come to our industry? Because it is quietly changing the game and leveling the field for the smallest of agencies to compete with the largest ones in how they deliver services, safeguard their customers’ data and reputations, and operate their businesses.

— 

Dan Womack is the Director of Engineering; Amy Kennedy is the Senior Director of Emerging Technologies for Ontario Systems, a revenue recovery software and solutions provider to the accounts receivable management industry.

— 

Innovation Council Logo-300px

 

 

 

 

 

About the iA Innovation Council

The iA Innovation Council is a collaborative working group of product, tech, strategy, and operations thought leaders at the forefront of analytics, communications, payments, and compliance technology. Group members meet in person several times each year to engage in substantive dialogue and whiteboard sessions with the creative thinkers behind the latest innovations for the industry, the regulators who audit and establish guardrails for new technology, and educators, entrepreneurs and innovators from outside the industry who inspire different thinking. 

Learn more at www.iainnovationcouncil.com

2019 members include:

 

If You are Not Already Operating in the Cloud, You are Missing the Revolution
http://www.insidearm.com/news/00045680-if-you-are-not-already-operating-cloud-yo/
http://www.insidearm.com/news/rss/
News

All the latest in collections news updates, analysis, and guidance

Eleventh Circuit Holds That Court Abuses Its Discretion Certifying a TCPA Case Containing Uninjured Class Members

For those of you that hate hearing me talk about being right all the time, probably stop reading this one now.

One of the messiest splits of authority in the law is whether a class may be certified where unnamed Plaintiffs lack standing. The Second Circuit has held directly that such a class cannot be certified. The Third Circuit has held that such a class can be certified do long as the named Plaintiff has standing. The rest of the circuits fall into one of these two camps with the Ninth Circuit actually issuing rulings falling into both camps.

[article_ad]

As I have often argued, however, even in jurisdictions where a class can be certified with unnamed class members lacking valid claims it should not be because common issues will not predominate in such cases—only injured class members can ultimately recover so a class member by class member review will be necessary ahead of the judgment. In the context of the TCPA—where whether or not a call is wanted forms a basic predicate for harm—recovery will turn on a purely subjective determination that should almost always thwart class certification. (Indeed, I wrote an article at my former firm laying all of this out the day Spokeo was handed down.)

Over three years after Spokeo was decided, the Eleventh Circuit Court of Appeal has finally adopted this inevitable rationale and proven me right.  In Cordoba v. DIRECTV, LLC, No. 18-12077, 2019 U.S. App. LEXIS 34146 (11th Cir. Nov. 15, 2019) the Court reversed a certification ruling issued in favor of a class in a TCPA case against DirectTV. An interlocutory appeal was granted following certification of a class of individuals that received telemarketing calls in the absence of an internal DNC policy. The class included individuals who have not asked for calls to stop. The Court of Appeal concluded that these individuals had not suffered Article III harm and could not be included in a class. And this determination had a very important impact on whether the class could be certified. As the Eleventh Circuit panel wrote:

At some point before it may order any form of relief to the putative class members, the court will have to sort out those plaintiffs who were actually injured from those who were not. Determining whether each class member asked [Defendant] to stop calling requires an individualized inquiry, and the district court did not consider this problem at all when it determined that issues common to the class predominated over issues individual to each class member. We, therefore, conclude that the district court abused its discretion in certifying the class as it is currently defined…

Wow.

So let’s break this down a bit.

The case involves a lesser-known (but very important) TCPA regulation requiring the adoption of an internal DNC policy/training/list by all telemarketers. The main regulation provides that “[n]o person or entity shall initiate any call for telemarketing purposes to a resid\ential telephone subscriber” without “institut[ing] procedures for maintaining a list of persons who request not to receive telemarketing calls made by or on behalf of that person or entity.” Id. § 64.1200(d). The adoption of such a policy is a standalone requirement of the regulation, meaning that every call made without the policy in place is—theoretically at least—illegal. Yikes.

Class counsel have been on to the regulation for some time now and the Cordoba certification at the district court level was the first in a series of rulings suggesting that every solicitation call made by a telemarketer without a policy might be actionable even if the call was made with consent. And that’s the big issue. Many, perhaps most, of the class members in Cordoba had consented to received calls and had not asked for calls to stop. Yet Plaintiff sought to recover for every single one of these consented calls.

On appeal, the Eleventh Circuit first analyzed whether unnamed class members who consented to receive calls and did not opt-out had suffered any Article III harm from the phone calls. Notably, the Court held the burden was on the Plaintiff to demonstrate that harm. The Court first determined that unwanted phone calls do cause harm—and distinguished Salcedo as a text message case (uh oh). But when looking at whether the injury suffered is fairly traceable to the failure to maintain a DNC policy—the second factor of the so-called Lujan standing test— the Court found the answer to be “no.” As the Court views it:

If an individual not on the National Do Not Call Registry was called by [Defendant] and never asked [Defendant] not to call them again, it doesn’t make any difference that [Defendant]  hadn’t maintained an internal do-not-call list… There’s no remotely plausible causal chain linking the failure to maintain an internal do-not-call list to the phone calls received by class members who never said to [Defendant[l they didn’t want to be called

Booyah.

But the analysis is only half over. The Court notes that the impact of Spokeo standing on the certification issue is the “more difficult question.” The Court finds, however, that the absence of standing to recover damages plays a critical role on the issue of predominance.  (Apparently, Dish’s counsel did not pick up on this argument despite my highlighting it for years and the Court had to salvage it for them—take a look at footnote 4. TCPAWorld.com guys, come on.) Individualized issues will necessarily arise here because at some point before it can award any relief, the district court will have to determine whether each member of the class has standing: “That is an individualized issue, and it is one that the district court did not account for or consider in any way in deciding whether issues common to the class actually predominated over issues that were individualized to each class member.”

But more work will be necessary below. The class still might be certifiable if most members of the class clearly asked to opt-out and there is a “plausible straightforward method to sort them out at the back end of the case.”  On the other hand, if few made these requests, or if it will be extraordinarily difficult to identify those who did, then the class would be overbroad and these individualized determinations might overwhelm issues common to the class.”

In the end, the Court squarely holds: “the district court must consider under Rule 23(b)(3) before certification whether the individualized issue of standing will predominate over the common issues in the case when it appears that a large portion of the class does not have standing…”

Although the Court cushioned that assessment with some blunting language suggesting that TCPA class actions might not yet be dead in the Eleventh Circuit, they are. I have yet to litigate a TCPA class action where some large portion of the class did not suffer actionable harm. The problem is in defining the class properly—as Cordoba points out. Not only should Cordoba make certifying TCPA classes in the Eleventh Circuit more difficult, therefore, it should also empower courts to root through class definitions at the pleadings stage and strike improper definitions right from the start.

It’s a good day to be in TCPAWorld.

Editor’s note: This article is provided through a partnership between insideARM and Squire Patton Boggs LLP, which provides a steady stream of timely, insightful and entertaining takes on TCPAWorld.com of the ever-evolving, never-a-dull-moment Telephone Consumer Protection Act. Squire Patton Boggs LLP—and all insideARM articles—are protected by copyright. All rights are reserved. 

Eleventh Circuit Holds That Court Abuses Its Discretion Certifying a TCPA Case Containing Uninjured Class Members
http://www.insidearm.com/news/00045689-eleventh-circuit-holds-court-abuses-its-d/
http://www.insidearm.com/news/rss/
News

All the latest in collections news updates, analysis, and guidance

6 Must-Haves of an ADA Compliant Website

Editor’s Note: This article is published on insideARM with permission from the author, who is the CEO and Founder of Be Accessible.

When we used to talk about accessibility, we only thought about physical buildings. But times have changed. Providing online services, such as account access and payment processing, is now a commonplace practice that bridges the gap between businesses and consumers. However, businesses that don’t adhere to the website accessibility guidelines mentioned in the American Disability Act of 1990 are at risk of legal charges of up to $150,000. 

Making your website accessible to all will not only protect your business against possible legal consequences, but it can also improve your online reputation.

Here are the six most important components of an ADA-compliant website:

[article_ad]

1. Inclusive Design 

Accessibility is about making your website available to everyone. To achieve this, you should pay attention to inclusive design. 

Inclusive design means designing for diversity. Remember that your site visitors are varied. Some may be suffering from permanent disabilities, including blindness, hearing impairment, or some chronic disease that restricts their mobility. Meanwhile, other people can be temporarily impaired. For example, a person who just went through a major surgical operation may not be able to move his hands properly until recovered. When designing a website, keep in mind the different kinds of people who will be accessing it so that it can be made accessible to those in unique situations.

2. Video and Audio Files

Video and audio files are common on websites. Through these media, you can easily convey your message and promote your brand. Unfortunately, not everyone can access them with ease. People with visual impairment, for example, will not be able to view videos, photos, or other graphical components of your site. Meanwhile, deaf people might feel discouraged to use your site if you have a lot of audio content. 

The solution is to provide your audience with an alternative method to access these files if they cannot hear the audio or see videos. You can make the experience better for these people by adding alternate tags to your images, subtitles on your videos, and transcripts for your audio files. 

3. Content

The Web Content Accessibility Guidelines (WCAG) 2.1 list several recommendations to make your site content user-friendly.

The first is to provide text alternatives to non-text content. This way, users can change the content into a format that suits their needs, such as speech, braille, symbols, and even simple language. 

Second, provide alternatives for time-based media. This means publishing pre-recorded media (video and audio files) and using captions.

The third is to enable users to view their content in different forms or layouts without losing information or structure. Many disabled people use mobile devices to access the web. Thus, you have to make sure that your site is mobile-friendly.

Lastly, you should make it easy for users to view or hear your content by separating the foreground from the background. This can be done by making highly contrasting color combinations and adding a ‘pause’ button or disabling auto-play functions on videos.

4. Font

There are hundreds of font styles available today. In terms of accessibility, there are several guidelines to keep in mind when choosing fonts for your website. One is to choose a common font and limit the number of font styles for your website. Among the widely used fonts for accessibility are sans-serifs like Arial, Calibri, and Century Gothic, serif fonts like Times New Roman and Georgia, and slab serifs like Rockwell and Avro. 

As to the size, use at least 20px for your content. Enable resizing by defining font sizes by relative value. 

Another accessibility must-have is ensuring that your text can be zoomed in to 200% without assistive technology or loss of website functionality. 

5. Accessibility Guide

Once you’ve made the major components of your site accessible, create a separate page outlining how people with disabilities can use or navigate your site with ease. Your accessibility guide should include links or tools that can help them access the information they need. Include some techniques such as text-to-speech option, voice recognition, browser settings, and many more.

6. Layout

An accessible layout is important for accessible websites. Your site should be designed in such a way that people with disabilities can easily and confidently locate and identify the information they need on their own. This includes adding navigation menus, links, clear headings for content, orientation cues, and sections. You should also add labels and short instructions on fields.

Additionally, provide more than one method of website navigation such as a site search or a site map.

Conclusion

Creating an ADA-compliant website isn’t too difficult. If you pay attention to the six elements mentioned in this article, your website will be well on its way to being accessible to everyone, especially to people with disabilities.

6 Must-Haves of an ADA Compliant Website
http://www.insidearm.com/news/00045684-6-must-haves-ada-compliant-website/
http://www.insidearm.com/news/rss/
News

All the latest in collections news updates, analysis, and guidance

Federal Robocall Legislation Update

Not much has been heard about the status of efforts to resolve differences between the US-Senate–passed TRACED Act, S. 151, and the House-of-Representatives-approved Stopping Bad Robocalls Act, H.R. 3375. Both bills were approved by wide margins, but as the Congressional year has wound down will there be – with all else transpiring on Capitol Hill – a robocall bill to send to the President this year?

Trade press reports this week are, in effect, that there may be light at the end of the tunnel, and soon. House Communications Subcommittee Chairman Mike Doyle (D–PA) was quoted as saying, “I think we have agreement” on a compromise bill and “there’s no reason why we shouldn’t see it” by the end of this month.

[article_ad]

On the Senate side, it was reported that Senator John Thune (R-SD), Chairman of the Senate Communications Subcommittee, spoke of progress in negotiations nearing a conclusion to develop a compromise. He was quoted as believing that it might be possible to pass a bill by Thanksgiving, although cautioning that things tend to take longer than they should.

TCPAWorld will report and analyze the final result of Congressional negotiations and what the legislation will mean for all TCPA stakeholders.

Stay tuned.

Editor’s note: This article is provided through a partnership between insideARM and Squire Patton Boggs LLP, which provides a steady stream of timely, insightful and entertaining takes on TCPAWorld.com of the ever-evolving, never-a-dull-moment Telephone Consumer Protection Act. Squire Patton Boggs LLP—and all insideARM articles—are protected by copyright. All rights are reserved. 

Federal Robocall Legislation Update
http://www.insidearm.com/news/00045687-federal-robocall-legislation-update/
http://www.insidearm.com/news/rss/
News

All the latest in collections news updates, analysis, and guidance

A 5-Step Dive into HIPAA Compliance for Email and Text

I recently wrote about email and text guidelines the American Medical Association (AMA) set forth to help healthcare providers ensure their electronic communications comply with the Health Insurance Portability and Accountability Act (HIPAA). Thanks to this roadmap, and current available technologies, providers and their business associates have what they need to email and text patients legally and responsibly when Protected Health Information (PHI) is at stake. 

Today, I’m going to discuss HIPAA compliance more in depth—specifically, as defined and determined by the HIPAA Privacy Rule, the HIPAA Security Rule, and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Each of these contributes to the pool of regulatory requirements controlling the exchange of PHI via electronic communications. 

Understanding how these regulations (collectively referred to herein as “HIPAA requirements”) impact text and email communications is your first step toward launching a HIPAA-compliant text and email communication program. 

First Things First: A Brief HIPAA Breakdown

Before we launch into our five-step dive, here’s a quick primer on how HIPAA requirements have evolved and expanded since 2000. 

HHS Privacy Rule

Health and Human Services (HHS) published a final Privacy Rule in December 2000, which was later modified in August 2002. This rule set national standards for the protection of individually identifiable PHI by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct standard healthcare transactions electronically. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans). 

HHS Security Rule

HHS published a final Security Rule in February 2003. This rule sets national standards for protecting the confidentiality, integrity, and availability of electronic PHI. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006 for small health plans). 

HHS Enforcement Rule

The Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules. 

HHS Breach Notification Rule

Under certain circumstances, the Health and Human Services (HHS) Breach Notification Rule requires covered entities and business associates to report all PHI breaches to HHS and the impacted individuals. HHS enacted a final Omnibus rule that implements a number of provisions of the HITECH Act to strengthen the privacy and security protections for PHI established under HIPAA, thus finalizing the Breach Notification Rule. 

Now, Let’s Dive Into the HIPAA Requirements

These are five of the most important aspects of HIPAA as it pertains to email and text. If you’re considering using electronic communications to engage patients for any reason, these bottom-line takeaways should be top of mind. 

Step #1: Relationships Matter

The HIPAA requirements for text and email communications differ depending on the relationship between the texting or emailing parties. 

While all electronic communications sent from a covered entity or business associate to a patient must be secure, communications from the patient to the covered entity or business associate need not be secure. This is because the HIPAA requirements do not require covered entities and business associates to be legally responsible for the encryption of PHI sent by the patient to the covered entity or business associate. 

Nevertheless, the covered entity or business associate still bears some responsibility regarding email and text communications received from a patient (see Step #2). 

Step #2: Consumer Warnings Matter

As I mentioned in my previous blog post, providers and business associates who offer patients an opportunity to communicate electronically using a text or email service must warn consumers about the insecurity of the communication platform. 

According to the AMA’s guidelines related to HIPAA requirements for communications between provider/business associate and patient, when communicating with patients electronically, the provider/business associate must also inform patients of: 

  • The inherent limitations of electronic communication, including possible breach of privacy or confidentiality issues; and
  • The difficulty in verifying the identity of the parties when texting or emailing and the potential impact of delayed responses. 

The provider/business associate should also provide patients with an opportunity to accept or decline electronic communication before privileged information is transmitted, and they should document the patient’s decision to accept or decline the opportunity. 

Lastly, the provider/business associate should take steps to help the patient understand that any texts or emails he or she might send the provider/business associate are not secure and may be subject to intrusion, hacking, and identity theft. 

Step #3: Patient Expectations Matter

The HIPAA requirements are not prescriptive with regard to text and email communications. Rather, they expect covered entities and business associates to meet the expectations within reason. 

For example, if a patient demands the medical collection agency email a copy of his or her statement to a Gmail address and the collection agency has absolutely no process in place to email patients, HIPAA would not require the medical collection agency to accommodate the patient by implementing an email communication system. 

On the other hand, if a patient indicates he or she does not want the medical collection agency to leave voicemail messages on his or her cell phone and to send texts instead (assuming the agency has a text message program in place), HIPAA would require the medical collection agency to cease leaving voicemail messages and restrict communications with that patient to text. 

Step #4: Playground Rules Don’t Matter

Covered entities and their business associates often ask whether they can interpret a patient’s unsolicited email or text as consent to electronic communications. 

The assumption behind the question is best reflected in the familiar line, “Well, they started it.” While this may work as a playground rule, it fails under the HIPAA requirements. 

Parties who wish to communicate with patients electronically must obtain the patient’s consent to continue using the particular form of electronic communication, even when a patient initiates the text or the email. 

Step #5: Encryption Matters

Email and text communications are inherently insecure; they’re not secured by default, and they’re easy to hack. 

An individual’s email account can easily be accessed by a third party if a weak or easy-to-guess password is used for the email account. A provider’s email system is also vulnerable to attack if the organization does not use two-factor authentication and other simple controls such as passwords and screen time-outs. 

Because all consumer-grade email platforms and texting programs are known to be insecure means of communication, their use for professional purposes may be considered in itself a breach of the HIPAA requirements. 

The HIPAA Security Rule §164.312(e) requires covered entities and their business associates to consider the encryption of communications as an Addressable Implementation Specification. This is a defined term under the HIPAA Security Rule. Providers and their business associates must comply with this rule when contemplating the use of electronic communications.  

HIPAA Is Complex, but Email and Text Needn’t Be

Technologies that can secure text and email communications as required by HIPAA are readily available today. In fact, providers have a range of options that are designed for this very purpose and perform their job well. 

Once you understand what HIPAA requires and have the right tools in place, electronic communications will become less of an ongoing concern and more of an asset—a major advantage, in fact—for your operations and your business. Frankly, you’ll wonder how you ever got along without them.

Editor’s Note: This article previously appeared on the Ontario Systems Blog and is republished here with permission.

A 5-Step Dive into HIPAA Compliance for Email and Text
http://www.insidearm.com/news/00045675-5-step-dive-hipaa-compliance-email-and-te/
http://www.insidearm.com/news/rss/
News

All the latest in collections news updates, analysis, and guidance

Bill Gosling Outsourcing’s Operations Take Flight in Costa Rica, Creating 300+ New Jobs

NEWMARKET, Ontario — Bill Gosling Outsourcing, a global Business Processing Outsourcing (BPO) provider, launches nearshore operations in Costa Rica, creating 300+ jobs.  

“We are excited to extend our operations to Costa Rica, providing a quality nearshore option to our North American Clients. We chose Costa Rica for their highly educated bilingual workforce, IT infrastructure, and proximity to North America,” said Dave Rae, CEO of Bill Gosling Outsourcing. 

[article_ad]

Costa Rica’s renowned reputation for economic stability has allowed the country to transform itself into a key market for many top companies to set up operations. Kenny Johnston, President of Bill Gosling Outsourcing added, “As we continue to evolve our tech-based solutions, we want to ensure that we can deliver a consistent quality of work in all locations with our live-agent and technology services. For many reasons, we felt Costa Rica was the perfect location to start our expansion into the LATAM market.” 

With a literacy rate of 97.98%, Costa Rica ranks #1 in LATAM in skills of graduates, current and future workforce. Many of the ‘Forbes Top 100 Companies’ have recently opened up R&D labs and other operations in the country to take advantage of the multi-talented bilingual workforce available. Additionally, Costa Rica now runs 99.99% on renewable energy and boasts 3 fiber-optic submarine cables that give stability and security to their telecommunications infrastructure. 

This site in Costa Rica will provide approximately 300 new jobs in customer care, ARM, and other support roles. The office is located in the El Cafetal Corporate Centre, approximately 15 minutes away from the San Jose International airport. The building boasts Leed Silver certification. 

About Bill Gosling Outsourcing 

Founded in Canada in 1955, and originally operating as a traditional accounts receivable management firm, Bill Gosling Outsourcing (BGO) has evolved into a multinational communications outsourcing company expanding into the UK (1968), the US (2001), and the Philippines (2013). BGO operates from eight global facilities, employs 2,100+  employees and offers five core services; positioning itself as a strategic partner for developing and implementing an all-encompassing customer contact solution strategy. Service categories include Customer Service/Support, Accounts Receivable Management, Customer Sales and Acquisitions, and Call Center Technology/Business Process Outsourcing.

Bill Gosling Outsourcing’s Operations Take Flight in Costa Rica, Creating 300+ New Jobs
http://www.insidearm.com/news/00045686-bill-gosling-outsourcings-operations-take/
http://www.insidearm.com/news/rss/
News

All the latest in collections news updates, analysis, and guidance

Non-profit Healthcare Providers Under Scrutiny for Billing and Collection Practices

For some time now, healthcare providers have been dealing with declining reimbursements from third-party payers and a higher portion of patient responsibility as a part of their total accounts receivable. As the reimbursement challenges grow and operating margins shrink, healthcare’s bottom lines have felt the squeeze. Though this alone is enough to cause sleepless nights for revenue cycle professionals, there is now a new front that those in the non-profit healthcare world are having to face. Lately, non-profit healthcare providers have come under increased scrutiny by public media and consumer advocates for their billing and collection practices.

The beginnings of this movement trace back to a series of ProPublica articles titled “Unforgiven: The Transformation of Consumer Debt.” In their series, ProPublica reported on several non-profit and public healthcare providers across the country, citing their treatment of lower-income patients and their reliance on lawsuits to compel the payment of medical debt. It was enough, at the time, that the investigation prompted further scrutiny by Senator Charles Grassley, causing one hospital system in Missouri to overhaul its financial assistance policy and forgive the debts of thousands of former patients.

More recently, ProPublica and other consumer advocacy outlets have cited the following hospitals for their billing and collection practices: Methodist Le Bonheur Healthcare in Memphis, Tennessee; St. Francis Health System in Oklahoma; Carlsbad Medical Center in Carlsbad, New Mexico and; Virginia’s non-profit Mary Washington Hospital.

The one that has drawn the most attention lately is a report from Kaiser Health News and The Washington Post on how Virginia’s state-run University of Virginia Health System (UVA) sued patients more than 36,000 times over six years, seeking a total of more than $106 million in unpaid bills. In response, Senate Finance Committee Chairman Charles Grassley (R-Iowa) sent a letter demanding answers to questions about UVA’s billing practices, financial assistance policies, and even its prices. The Finance Committee oversees federal tax laws, and Kaiser Health News reported that Grassley wrote that it is “my job to make sure that entities exempt from tax are fulfilling their tax-exempt purposes.”

In his seven-page letter, Grassley asks 19 detailed questions on various topics, including the system’s charity care (free or discounted care provided to low-income patients), debt collection policies, and its rationale for the litigation threshold of $1,000, enacted in 2017. Grassley asks specific questions about UVA’s list of standard prices for procedures and equipment, commonly known as the “chargemaster,” as posted on its website. Here is a copy of his letter to UVA.

Grassley has a longstanding interest in nonprofits in general and nonprofit hospitals in particular. In February of this year, Grassley wrote a letter to IRS Commissioner Charles Rettig to request data on nonprofit hospitals’ compliance or lack thereof with congressionally established standards for community benefits under 501(r). Even though the letter questions only UVA Health System, it sends a signal that the Senate will be paying attention to an issue that affects all state-run and nonprofit health systems.

The reality for those of us in the ARM industry who serve non-profit healthcare providers is that the attention to billing and collection practices—our own as well as those of our clients—is not going away on the part of consumer advocates. To protect the integrity and future of our industry, we will need to better educate and work with our clients on what is reasonable and effective in today’s consumer-oriented climate.

Non-profit Healthcare Providers Under Scrutiny for Billing and Collection Practices
http://www.insidearm.com/news/00045670-non-profit-healthcare-providers-under-scr/
http://www.insidearm.com/news/rss/
News

All the latest in collections news updates, analysis, and guidance

Electronic Patient Communications in the Wake of HIPAA: The Ban Has Lifted

Healthcare providers remain skittish when it comes to email or text communications, and their reluctance is understandable. 

Historically, both email and text messages were considered inherently unsecure modes of communication. In addition, many healthcare providers and business associates believe the Health Insurance Portability and Accountability Act (HIPAA) and the HIPAA Privacy and Security Rule’s restrictions on the use, transfer, and storage of demographic data and Protected Health Information (PHI) make email and text messaging far too risky. 

In response to the concerns of the healthcare community as well as the financial services industry—which has similar needs to protect the confidentiality of personally identifiable information—the cellular phone and internet industries have built safe, secure electronic communication platforms that secure information both in transit and at rest. 

If email and text are used properly and with the controls required by the American Medical Association (AMA) to send electronic messages containing PHI, healthcare providers can now embrace these forms of patient communications. 

AMA Requirements for Email and Text

As the AMA makes clear, HIPAA does not specifically prohibit sending PHI by text or email. However, it does require the electronic communication platform to include: 

  • Safeguards to ensure the confidentiality of PHI at rest and in transit;
  • Controls for who can access PHI;
  • Permissions for what authorized personnel can do with PHI when they access it; and
  • Processes to prevent the interception of plain text messages. 

Healthcare providers and business associates should exercise due diligence when selecting a text or email communication platform provider. At a minimum, they should require the provider to ensure its text or email platform can support the AMA’s four requirements of an electronic communication platform. 

The AMA has further clarified its position on sending PHI by text or email in Section 2.3.1 of the AMA’s Code of Ethics. As this section makes clear, concerns remain about privacy and confidentiality when communicating and transmitting PHI electronically. Physicians must uphold the same ethical standards when communicating with patients electronically as they do during other clinical encounters. They must also ensure the method of communication—whether virtual, telephonic, or in person—is appropriate to the patient’s clinical need and to the information being conveyed. 

While HHS and the Center for Medicare and Medicaid Services (CMS) do not prohibit healthcare providers and practitioners from communicating with their patients by text messages or email, healthcare providers and practitioners cannot disavow their responsibilities under the law, HIPAA, the HIPAA Privacy and Security Rule, or the AMA Code of Ethics by hiring a business associate to manage their electronic communications.  

Business associate agreements must include specific provisions regarding the use of text messaging and email and delineate any privacy or security requirements of the covered entity.  

AMA Guidelines for Email and Text

Here are the AMA’s specific guidelines regarding electronic patient communications. These standard practices help to ensure day-to-day compliance and ethical, responsible patient care. 

Physicians who choose to communicate electronically with patients should: 

(a) Uphold professional standards of confidentiality and protection of privacy, security, and integrity of patient information. 

(b) Notify the patient of the inherent limitations of electronic communication, including possible breach of privacy or confidentiality, difficulty in validating the identity of the parties, and possible delays in response. 

Such disclaimers do not absolve physicians of responsibility to protect the patient’s interests. Patients should have the opportunity to accept or decline electronic communication before privileged information is transmitted. The patient’s decision to accept or decline email communication containing privileged information should be documented in the medical record. 

(c) Advise the patient of the limitations of these channels when a patient initiates electronic communication. 

(d) Obtain the patient’s consent to continue electronic communication when a patient initiates electronic communication. 

(e) Present medical information in a manner that meets professional standards. Diagnostic or therapeutic services must conform to accepted clinical standards. 

(f) Be aware of relevant laws that determine when a patient-physician relationship has been established.  

For Providers and Their Patients, a Big Leap Forward

Healthcare professionals should welcome the AMA’s efforts to advance communications between patients and their providers. Text and email can be used to improve the patient experience, inform patients of their rights, remind them of important appointments, deliver treatment plans, follow up with recommendations, and even establish a lifeline between patients and physicians

Today’s patients appreciate and deserve the opportunity to communicate with providers using a variety of methods. The AMA’s recognition of this fact, and the framework it has provided for healthcare-related electronic communications, is a major win for all involved.

Editor’s Note: This article previously appeared on the Ontario Systems Blog and is republished here with permission.

Electronic Patient Communications in the Wake of HIPAA: The Ban Has Lifted
http://www.insidearm.com/news/00045672-electronic-patient-communications-wake-hi/
http://www.insidearm.com/news/rss/
News

All the latest in collections news updates, analysis, and guidance