HB Ad Slot
HB Mobile Ad Slot
AI-Powered Text Messaging by Digital Health Companies: Supreme Court Raises the Stakes
Wednesday, July 2, 2025

Digital health companies increasingly rely on AI-powered messaging platforms, chatbots, and virtual assistants to engage patients through text and voice. However, a June 2025 decision by the U.S. Supreme Court in McLaughlin Chiropractic Associates, Inc. v. McKesson Corp. is changing the legal landscape around how courts interpret the federal Telephone Consumer Protection Act (TCPA). The result: greater litigation risk for companies using automated communications, including in health care workflows.

If your organization is a digital health or AI platform that uses text messages, automated calls, or chatbots to reach patients, your organization needs to revisit your TCPA compliance strategy immediately.

Why the Supreme Court’s Decision Matters for Digital Health

The McLaughlin case centered on whether courts must follow Federal Communications Commission (FCC) interpretations of the TCPA. Historically, many companies relied on FCC rulings and interpretations to determine the types of communications that require consent. However, the Supreme Court ruled in this case that district courts are not bound by FCC guidance and must independently interpret the TCPA.

This means that courts are now not bound to FCC exemptions and definitions, including those that have historically protected certain health care communications. The risk of class-action TCPA lawsuits is now higher for digital health companies that use AI to automate patient outreach.

Key Risks for Health Tech and AI Companies

1. Automated Messages Without Proper Consent

Any SMS, voice, or chatbot communication using AI or automation may trigger consent requirements under the TCPA. If a message is deemed to be for marketing or promotional purposes, or otherwise lacks valid consent, it could expose your company to statutory damages of US$500 to US$1,500 per message.

2. FCC Guidance No Longer Shields You

2024 FCC ruling clarified that AI-generated voices are considered “artificial voices” under the TCPA, requiring prior express consent. While that guidance still exists, courts are now free to disagree with the FCC and adopt broader or differing interpretations. This opens the door to inconsistent rulings and unpredictable litigation outcomes.

3. Text-Based Chatbots May Be Targeted

Plaintiffs are testing whether text-based AI systems that replace live humans qualify as “artificial voices.” If courts agree they do, even dynamic chat platforms may be subject to TCPA consent rules.

4. State-Level “Mini-TCPA” Laws Still Apply

States like Florida, Oklahoma, and Washington have their own laws that impose stricter consent requirements than the federal TCPA. These laws may define autodialers more broadly than the federal TCPA and can create overlapping risks for nationwide digital health operations.

Action Plan for Digital Health Companies

Given the increased litigation risk following the Supreme Court’s decision, we recommend immediate action. The following outline suggests a minimalist approach to assessing individual company risk, although each company should exercise particular focus on its own identified risks. 

1. Conduct a TCPA Compliance Audit

  • Map all communication channels, including SMS, voice, and chatbot.
  • Identify platforms using AI or automation to trigger messages.
  • Confirm which messages fall under the TCPA or state-level equivalents.

2. Update Consent Flows Across All User Touchpoints

  • Separate HIPAA authorizations from TCPA consents. HIPAA requires that any authorization to use or disclose protected health information (PHI) be presented in a standalone document. It cannot be combined with other consents or permissions, including those related to marketing or telephone communications under the TCPA.
  • For any message that could be deemed marketing or promotional, secure prior express written consent.
  • Clearly inform users when automated or AI-generated messaging is deployed.

3. Review Vendor and Technology Contracts

  • Ensure your vendors are not exposing your organization to TCPA liability.
  • Require vendors to indemnify your organization for TCPA claims and disclose whether AI is used to communicate with patients.

4. Monitor Federal and State Case Law Trends

  • The McLaughlin ruling empowers courts to make their own calls on TCPA scope and interpretation.
  • Stay informed on rulings related to chatbots, artificial voice definitions, and autodialer classifications.

5. Train Your Compliance and Product Teams

  • Ensure compliance, product, and leadership teams understand the TCPA, its intersection with HIPAA, and how the McLaughlin decision changes risk.
  • Educate staff on how AI messaging platforms must be deployed to stay compliant.

Geographic Relevance: Why U.S.-Based Digital Health Companies Should Act Now

The McLaughlin decision is binding across the United States and impacts digital health companies operating in all 50 states. Organizations with national outreach strategies must be especially careful when launching AI-powered messaging campaigns in jurisdictions with active TCPA enforcement or “mini-TCPA” statutes.

Health care companies headquartered in states like California, Texas, New York, Florida, and Illinois are already common targets for TCPA litigation. If your business is based in or reaches patients in these states, it is critical to revisit your communication strategy in light of the Supreme Court’s decision.

The Bottom Line: Smart AI Needs Smarter Compliance

AI and automation can transform patient engagement, improve adherence, and support population health. However, they can also create TCPA exposure if organizations are not vigilant. In concluding that FCC guidelines are not binding in litigation, the McLaughlin ruling removes a key shield that companies have relied on for decades with regard to the reach of the TCPA and interpretation of its requirements, and shifts the power to the courts. This will undoubtedly make compliance more fragmented and litigation more likely.

Now is the time for digital health and AI companies to:

  • Reassess TCPA risk;
  • Reevaluate consent protocols;
  • Monitor case law; and
  • Build defensible messaging strategies.
HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot

More from Foley & Lardner LLP

HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up for any (or all) of our 25+ Newsletters.

 

Sign Up for any (or all) of our 25+ Newsletters