FCC Finalizes Best Practices to Combat Hospital Robocalls

June 18, 2021 - In a public notice, the Federal Communications Commission (FCC) concluded its assessment on the widespread adoption of the Hospital Robocall Protection Group’s (HRPG) best practices. The FCC concluded that education and outreach are the most effective ways to encourage hospitals to adopt the best practices.

The best practices and the establishment of the HRPG were driven by the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, which was signed into law in December 2019.

Under the TRACED Act, the FCC also was required to assess “how the voluntary adoption by hospitals and other stakeholders of the best practices issued by the Hospital Robocall Protection Group can be facilitated to protect hospitals and other institutions from unlawful robocalls.”

In the public notice, the FCC concluded that expanding awareness and providing forums to encourage adoption are essential to hospitals voluntarily following the best practices, and industry leaders have a responsibility to promote the best practices.

“Hospitals and the patients they serve are the primary beneficiaries of the HRPG Best Practices, because these Best Practices comprehensively address the risks to patient care and other compliance risks that unlawful robocalls present,” the notice stated.

“Hospital risk management officials, thus, have strong incentives to advance the adoption of the Best Practices as part of their efforts to prevent and mitigate these risks in their respective hospital environments.”

The FCC also noted that groups such as the American Hospital Association, the American Society for Health Care Risk Management, and the College of Healthcare Information Management Executives should assume responsibility for providing education and outreach services.

Specifically, the FCC suggests that the AHA and others develop educational and training materials, and host a website so that users can easily access all HRPG Best Practices content and related educational materials, along with workshops and other awareness resources.

In the best practices report issued in December of 2020, the HRPG outlines preventative measures that hospitals can take to avoid unlawful robocalls. Prevention best practices include engaging in education and awareness efforts through staff training, reporting any spoofed numbers, isolating phone lines, and using services that block robocalls.

“While similar to unlawful robocalls received by consumers generally, the significant difference with hospital-related robocalls is the impact these calls can have on public health and safety to patients and the community,” the best practices report stated.

“Hospitals can fall victim to a variety of unlawful calling schemes, ranging from telephone denial-of-service attacks to targeted social engineering to phishing and vishing schemes to more general unlawful robocall campaigns that happen to reach hospital numbers.”

As pointed out in the FCC notice, hospital risk management officials have incentives to adopt these best practices as they have the potential to mitigate security risks and prevent delays in care due to unlawful robocalls. Successful implementation will require many hospitals, stakeholders, and industry organizations to participate.