Site icon Doc Medicare

AI-Powered Text Messaging By Digital Health Companies: Supreme Court Raises The Stakes – New Technology

AI-Powered Text Messaging By Digital Health Companies: Supreme Court Raises The Stakes – New Technology

Digital health companies increasingly rely on AI-powered
messaging platforms, chatbots, and virtual assistants to engage
patients through text and voice. However, a June 2025 decision by
the U.S. Supreme Court in McLaughlin
Chiropractic Associates, Inc. v. McKesson Corp
.
is changing the legal landscape around how courts interpret the
federal Telephone Consumer Protection Act (TCPA). The result:
greater litigation risk for companies using automated
communications, including in health care workflows.

If your organization is a digital health or AI platform that
uses text messages, automated calls, or chatbots to reach patients,
your organization needs to revisit your TCPA compliance strategy
immediately.

Why the Supreme Court’s Decision Matters for Digital
Health

The McLaughlin case centered on whether courts must
follow Federal Communications Commission (FCC) interpretations of
the TCPA. Historically, many companies relied on FCC rulings and
interpretations to determine the types of communications that
require consent. However, the Supreme Court ruled in this case that
district courts are not bound by FCC guidance and must
independently interpret the TCPA.

This means that courts are now not bound to FCC exemptions and
definitions, including those that have historically protected
certain health care communications. The risk of class-action TCPA
lawsuits is now higher for digital health companies that use AI to
automate patient outreach.

Key Risks for Health Tech and AI Companies

1. Automated Messages Without Proper
Consent

Any SMS, voice, or chatbot communication using AI or automation
may trigger consent requirements under the TCPA. If a message is
deemed to be for marketing or promotional purposes, or otherwise
lacks valid consent, it could expose your company to statutory
damages of US$500 to US$1,500 per message.

2. FCC Guidance No Longer Shields You

A 2024 FCC ruling
clarified that AI-generated voices are considered “artificial
voices” under the TCPA, requiring prior express consent. While
that guidance still exists, courts are now free to disagree with
the FCC and adopt broader or differing interpretations. This opens
the door to inconsistent rulings and unpredictable litigation
outcomes.

3. Text-Based Chatbots May Be Targeted

Plaintiffs are testing whether text-based AI systems that
replace live humans qualify as “artificial voices.” If
courts agree they do, even dynamic chat platforms may be subject to
TCPA consent rules.

4. State-Level “Mini-TCPA” Laws Still
Apply

States like Florida, Oklahoma, and Washington have their own
laws that impose stricter consent requirements than the federal
TCPA. These laws may define autodialers more broadly than the
federal TCPA and can create overlapping risks for nationwide
digital health operations.

Action Plan for Digital Health Companies

Given the increased litigation risk following the Supreme
Court’s decision, we recommend immediate action. The following
outline suggests a minimalist approach to assessing individual
company risk, although each company should exercise particular
focus on its own identified risks.

1. Conduct a TCPA Compliance Audit

  • Map all communication channels, including SMS, voice, and
    chatbot.

  • Identify platforms using AI or automation to trigger
    messages.

  • Confirm which messages fall under the TCPA or state-level
    equivalents.

2. Update Consent Flows Across All User
Touchpoints

  • Separate HIPAA authorizations from TCPA consents. HIPAA
    requires that any authorization to use or disclose protected health
    information (PHI) be presented in a standalone document. It cannot
    be combined with other consents or permissions, including those
    related to marketing or telephone communications under the
    TCPA.

  • For any message that could be deemed marketing or promotional,
    secure prior express written consent.

  • Clearly inform users when automated or AI-generated messaging
    is deployed.

3. Review Vendor and Technology Contracts

  • Ensure your vendors are not exposing your organization to TCPA
    liability.

  • Require vendors to indemnify your organization for TCPA claims
    and disclose whether AI is used to communicate with patients.

4. Monitor Federal and State Case Law
Trends

  • The McLaughlin ruling empowers courts to make their
    own calls on TCPA scope and interpretation.

  • Stay informed on rulings related to chatbots, artificial voice
    definitions, and autodialer classifications.

5. Train Your Compliance and Product Teams

  • Ensure compliance, product, and leadership teams understand the
    TCPA, its intersection with HIPAA, and how the McLaughlin
    decision changes risk.

  • Educate staff on how AI messaging platforms must be deployed to
    stay compliant.

Geographic Relevance: Why U.S.-Based Digital Health Companies
Should Act Now

The McLaughlin decision is binding across the United
States and impacts digital health companies operating in all 50
states. Organizations with national outreach strategies must be
especially careful when launching AI-powered messaging campaigns in
jurisdictions with active TCPA enforcement or “mini-TCPA”
statutes.

Health care companies headquartered in states like California,
Texas, New York, Florida, and Illinois are already common targets
for TCPA litigation. If your business is based in or reaches
patients in these states, it is critical to revisit your
communication strategy in light of the Supreme Court’s
decision.

The Bottom Line: Smart AI Needs Smarter Compliance

AI and automation can transform patient engagement, improve
adherence, and support population health. However, they can also
create TCPA exposure if organizations are not vigilant. In
concluding that FCC guidelines are not binding in litigation, the
McLaughlin ruling removes a key shield that companies have
relied on for decades with regard to the reach of the TCPA and
interpretation of its requirements, and shifts the power to the
courts. This will undoubtedly make compliance more fragmented and
litigation more likely.

Now is the time for digital health and AI companies to:

  • Reassess TCPA risk;

  • Reevaluate consent protocols;

  • Monitor case law; and

  • Build defensible messaging strategies.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

link

Exit mobile version