FCC Releases Assessment of Best Practices to Address Illegal Robocalls to Hospitals

The Federal Communications Commission (Commission) recently released its assessment of how the integration of the Hospital Robocall Protection Group’s (HRPG) Best Practices can protect hospitals and similar institutions from unlawful robocalls, which interfere with the delivery of critical patient care.

The HRPG Best Practices assessment, released June 11, 2021, reflects the unanimous view of the committee’s members on the recommended actions voice service providers, hospitals, and federal and state government agencies can take to prevent or lessen the amount of unlawful robocalls to hospitals. The practices outline measures stakeholders can take to prevent unlawful robocalls and to appropriately acknowledge and reduce robocall events after they occur.

The commission’s assessment concludes that the best way to promote voluntary adoption of the HRPG Best Practices is to raise awareness among all stakeholders, especially hospitals, and to create effective forums to expand their adoption and implementation. The commission also recommends that groups dedicated to hospital risk management and security, such as the American Hospital Association (AHA), the American Society for Health Care Risk Management (ASHRM), and the College of Healthcare Information Management Executives (CHIME) develop and distribute educational materials, expand outreach to their constituencies, and provide training for hospitals and staff regarding robocalls.

The FCC suggests that a website hosted by organizations such as AHA, ASHRM, and CHIME could streamline navigation of robocall resources including the Best Practices, training materials, or links to webinars, which would help amplify hospital outreach. Stakeholders such as voice service providers and governmental entities would be encouraged to contribute to the website.

The HRPG recommends that voice service providers should establish a rapid notification system that would allow hospitals to notify them about illegal robocalls and about outgoing phone calls being blocked, unauthenticated, or misidentified. Further, the HRPG advises that voice service providers prioritize the delivery of education and guidance regarding the prevention of unlawful robocalls to hospitals.

The HRPG acknowledges that federal and state governments have taken aggressive action against illegal robocalls and recommends that they expand efforts to enforce existing laws, rules, and policies against voice service providers that enable unlawful traffic to travel through their networks or calling platforms.

Unlawful robocalls manifest in several ways. Callers have employed ID spoofing technology to deceive employees into answering calls from what numbers that appear to belong to colleagues, but instead the calls are from scammers. Similarly, callers who wish to obtain insurance or other financial information have employed ID spoofing technology to deceive recipients into answering calls from what appears to be hospital personnel. ID spoofing has also been used to carry out Telephone Denial of Service (TDoS) attacks that spam hospital networks with multiple simultaneous calls and interfere with voice service communications.

The FCC concludes that the integration of the HRPG Best Practices can best be facilitated through measures of education and outreach carried out by stakeholders such as hospitals, voice service providers, and governmental entities. For those stakeholders who have already implemented certain best practices, promoting awareness of these practices will increase effectiveness.