The Telephone Consumer Protection Act (TCPA) imposes penalties of $500–1,500 per violation for automated outbound calls made without proper consent. A clinical research site that runs an AI outbound calling campaign to 200 cold leads without documented TCPA consent on file faces potential liability of $100,000–300,000 — not from a regulatory agency, but from class-action plaintiff attorneys who specifically monitor for TCPA violations. This is not a hypothetical risk; TCPA litigation is among the most active areas of consumer protection law. This guide ensures your outbound calling program is compliant before the first automated call is made.
What Triggers TCPA Requirements
TCPA applies when you use an “automatic telephone dialing system” (autodialer) or a pre-recorded message to call a cell phone number. Most AI outbound call platforms and outbound auto-dialers meet this definition. If you are manually dialing each number from a live coordinator phone, TCPA’s autodialer provisions do not apply — though the calls must still comply with Do Not Call registry rules.
The Consent Requirement: What “Prior Express Written Consent” Means
For marketing and informational automated calls to cell phones, TCPA requires “prior express written consent” — which in practice means the patient must have agreed to receive automated calls in a written or digital statement that:
- Is clear and conspicuous (not buried in fine print)
- Specifies that they are agreeing to receive automated calls (not just general contact)
- Names the entity that will be calling
- Is obtained before the first automated call
The inquiry form is the correct point of consent collection. Add above the phone number field: “By providing your phone number, you agree to receive automated calls and text messages from [site name] regarding clinical research opportunities. You may opt out at any time by replying STOP.”
The Do Not Call Registry
Regardless of prior consent, you must scrub your outbound call list against the National Do Not Call Registry before any campaign. The FTC maintains the registry at donotcall.gov — paid access for organizations. Calls to DNC-registered numbers carry separate FTC penalties of up to $50,120 per violation. DNC scrubbing is a non-negotiable pre-launch step for any outbound call campaign.
Record-Keeping Requirements
Maintain documentation for every outbound call campaign:
- Date and method of consent collection for each phone number called
- Copy of the consent language presented to the patient
- DNC scrub date and results for each list
- Opt-out records (anyone who said STOP must never be called again)
Retain these records for at least 4 years — the statute of limitations for TCPA claims.
48-Hour Action List
- Hour 1: Review your inquiry form’s current consent language. If it does not explicitly mention automated calls, add the compliant language above immediately. Apply retroactively only to leads collected after today — older leads without documented consent should not be called via autodialer.
- Hour 2: Register your organization with the National Do Not Call Registry at donotcall.gov. Download the registry file for your area codes. Scrub your outbound call list against the registry — any number on the DNC registry must be removed from automated outreach lists.
- Hour 3: Set up an opt-out management system: anyone who replies STOP (to SMS) or says “remove me” (on a call) must be added to a suppression list that prevents any future automated contact. Most SMS and AI call platforms handle this automatically — verify yours does.
- Day 2: Have your site’s legal counsel or compliance officer review your outbound calling program against this TCPA checklist before any AI outbound campaign runs. The one-hour legal review cost is a fraction of the liability of a non-compliant campaign.