Welcome to the forefront of conversational AI as we explore the fascinating world of AI chatbots in our dedicated blog series. Discover the latest advancements, applications, and strategies that propel the evolution of chatbot technology. From enhancing customer interactions to streamlining business processes, these articles delve into the innovative ways artificial intelligence is shaping the landscape of automated conversational agents. Whether you’re a business owner, developer, or simply intrigued by the future of interactive technology, join us on this journey to unravel the transformative power and endless possibilities of AI chatbots.
Digital health companies increasingly rely on AI-powered messaging platforms, chatbots, and virtual assistants to engage patients through text and voice. However, a June 2025 decision by the U.S. Supreme Court in McLaughlin Chiropractic Associates, Inc. v. McKesson Corp. is changing the legal landscape around how courts interpret the federal Telephone Consumer Protection Act (TCPA). The result: greater litigation risk for companies using automated communications, including in health care workflows.
If your organization is a digital health or AI platform that uses text messages, automated calls, or chatbots to reach patients, your organization needs to revisit your TCPA compliance strategy immediately.
The McLaughlin case centered on whether courts must follow Federal Communications Commission (FCC) interpretations of the TCPA. Historically, many companies relied on FCC rulings and interpretations to determine the types of communications that require consent. However, the Supreme Court ruled in this case that district courts are not bound by FCC guidance and must independently interpret the TCPA.
This means that courts are now not bound to FCC exemptions and definitions, including those that have historically protected certain health care communications. The risk of class-action TCPA lawsuits is now higher for digital health companies that use AI to automate patient outreach.
1. Automated Messages Without Proper Consent
Any SMS, voice, or chatbot communication using AI or automation may trigger consent requirements under the TCPA. If a message is deemed to be for marketing or promotional purposes, or otherwise lacks valid consent, it could expose your company to statutory damages of US$500 to US$1,500 per message.
2. FCC Guidance No Longer Shields You
A 2024 FCC ruling clarified that AI-generated voices are considered “artificial voices” under the TCPA, requiring prior express consent. While that guidance still exists, courts are now free to disagree with the FCC and adopt broader or differing interpretations. This opens the door to inconsistent rulings and unpredictable litigation outcomes.
3. Text-Based Chatbots May Be Targeted
Plaintiffs are testing whether text-based AI systems that replace live humans qualify as “artificial voices.” If courts agree they do, even dynamic chat platforms may be subject to TCPA consent rules.
4. State-Level “Mini-TCPA” Laws Still Apply
States like Florida, Oklahoma, and Washington have their own laws that impose stricter consent requirements than the federal TCPA. These laws may define autodialers more broadly than the federal TCPA and can create overlapping risks for nationwide digital health operations.
Given the increased litigation risk following the Supreme Court’s decision, we recommend immediate action. The following outline suggests a minimalist approach to assessing individual company risk, although each company should exercise particular focus on its own identified risks.
1. Conduct a TCPA Compliance Audit
2. Update Consent Flows Across All User Touchpoints
3. Review Vendor and Technology Contracts
4. Monitor Federal and State Case Law Trends
5. Train Your Compliance and Product Teams
The McLaughlin decision is binding across the United States and impacts digital health companies operating in all 50 states. Organizations with national outreach strategies must be especially careful when launching AI-powered messaging campaigns in jurisdictions with active TCPA enforcement or “mini-TCPA” statutes.
Health care companies headquartered in states like California, Texas, New York, Florida, and Illinois are already common targets for TCPA litigation. If your business is based in or reaches patients in these states, it is critical to revisit your communication strategy in light of the Supreme Court’s decision.
AI and automation can transform patient engagement, improve adherence, and support population health. However, they can also create TCPA exposure if organizations are not vigilant. In concluding that FCC guidelines are not binding in litigation, the McLaughlin ruling removes a key shield that companies have relied on for decades with regard to the reach of the TCPA and interpretation of its requirements, and shifts the power to the courts. This will undoubtedly make compliance more fragmented and litigation more likely.
Now is the time for digital health and AI companies to:
For more information on AI, telemedicine, telehealth, digital health, and other health innovations, including the team, publications, and representative experience, please contact Aaron Maguregui or Jennifer Hennessy or any of the partners or senior counsel in Foley’s Cybersecurity and Data Privacy Group or Health Care Practice Group.
Authors
Sectors
Practice Areas
We look beyond the law to focus on the constantly evolving demands facing our clients.
© 2025 Foley & Lardner LLP
Attorney Advertisement
Images of people may not be Foley personnel.
