TCPA Compliance for Text Messaging: What Nonprofits and Healthcare Organizations Must Know in 2026

The Telephone Consumer Protection Act carries penalties of $500 to $1,500 per non-compliant message. For an organization sending 10,000 texts, a single compliance failure could result in exposure of $5 million to $15 million. Yet TCPA compliance for text messaging is not as straightforward as it appears, particularly for nonprofits and healthcare organizations that operate under different rules than commercial senders.

This guide breaks down what the TCPA requires for text messaging in 2026, including the critical exemptions that apply to nonprofits and healthcare providers, the consent standards you must meet, and how to build a compliant SMS program that protects your organization while maximizing engagement.

TCPA Basics: What Every Organization Must Know

The TCPA was originally enacted in 1991 to regulate telemarketing calls. Its scope has expanded dramatically to cover text messages, which the FCC treats as calls under the statute. Any organization sending text messages using an autodialer or prerecorded/artificial voice must comply with TCPA requirements.

The key obligations include obtaining prior consent from recipients, providing opt-out mechanisms, maintaining do-not-call lists, and following time-of-day restrictions. Violations are enforced through both FCC action and private lawsuits, which have generated billions of dollars in settlements over the past decade.

The Nonprofit TCPA Exemption: What It Does and Does Not Cover

Nonprofits benefit from significant TCPA exemptions, but these protections are narrower than many organizations realize.

What the Exemption Provides

• Calls and texts made by or on behalf of a nonprofit are classified as non-solicitation, meaning they do not trigger the commercial telemarketing rules
• Nonprofits are not required to consult the National Do Not Call Registry
• Nonprofits are not required to maintain an internal Do Not Call list (though doing so is best practice)
• Consent does not need to be written; verbal consent or other forms of consent are acceptable

What the Exemption Does Not Cover

The nonprofit exemption does not eliminate the consent requirement entirely. Organizations still need some form of consent before sending automated text messages. A supporter who provides their phone number to a nonprofit is generally considered to have given consent, but sending messages to numbers obtained from purchased lists or third-party sources without direct consent remains a violation.

Additionally, all messages must include an opt-out mechanism. Failing to honor opt-out requests, or continuing to text supporters who have replied STOP, exposes the nonprofit to the same penalties that apply to commercial senders.

Healthcare TCPA Exemptions: The 2026 Landscape

Healthcare providers operate under a separate set of TCPA rules that have been updated significantly in recent years.

The Healthcare Message Exemption

The FCC provides a limited exemption for healthcare messages, allowing providers to contact patients via automated calls and texts without prior express consent, provided the messages meet specific criteria:

• Messages must concern the recipient's healthcare (appointment reminders, prescription notifications, care instructions)
• Text messages must be 160 characters or fewer
• Each message must provide an opt-out mechanism
• Messages cannot include billing, collection, or marketing content
• Only phone numbers provided directly by the patient may be used

The 2025 FCC Rule Updates

The FCC's updated TCPA consent revocation rules, which took effect in April 2025, introduced important changes for healthcare organizations. Patients can now revoke consent through any reasonable method, including replying STOP, calling the provider, or submitting a written request. Organizations must process revocation requests within a reasonable timeframe, which the FCC has indicated means no more than 10 business days.

These updates have implications for automated messaging systems. Platforms must be capable of processing opt-out requests from multiple channels and ensuring that no messages are sent to revoked numbers during the processing window.

Building a TCPA-Compliant SMS Program

Consent Management

The foundation of TCPA compliance is documented consent. Every phone number in your messaging database should have a clear record of how and when consent was obtained. For nonprofits, this could be a sign-up form at an event, a keyword opt-in via text, or a checkbox on a donation page. For healthcare providers, this includes patient-provided phone numbers in intake forms and EHR records.

FRANSiS maintains a complete consent audit trail for every contact, recording the consent method, timestamp, and source. This documentation is essential during regulatory inquiries or litigation.

Opt-Out Processing

Every message must include an opt-out mechanism, and opt-out requests must be honored promptly. Industry standard keywords include STOP, END, CANCEL, UNSUBSCRIBE, and QUIT. FRANSiS automatically processes these keywords and immediately suppresses the number from future messaging, with no staff intervention required.

10DLC Registration

Since 2024, all organizations sending A2P text messages through 10-digit long codes must register through the 10DLC system. This process involves registering your brand with The Campaign Registry (TCR), describing your use case, and obtaining approval before sending messages. Unregistered messages face aggressive carrier filtering that can reduce deliverability to near zero.

FRANSiS handles the entire 10DLC registration process on behalf of clients, ensuring compliant registration and maintaining ongoing compliance as carrier requirements evolve.

Message Content Compliance

Beyond consent and opt-out requirements, TCPA-compliant messages should clearly identify the sending organization, state the purpose of the message, and avoid deceptive or misleading content. For healthcare messages, content must stay within the healthcare exemption boundaries by avoiding billing, marketing, or non-healthcare information.

Common TCPA Mistakes That Lead to Lawsuits

• Texting numbers from purchased or rented lists without direct consent
• Continuing to message contacts who have opted out, even due to processing delays
• Mixing marketing content into healthcare-exempt messages (e.g., including a promotion in an appointment reminder)
• Failing to provide opt-out instructions in every message
• Using numbers provided for one purpose (billing) to send messages for a different purpose (marketing)
• Not maintaining documentation of consent, making it impossible to prove compliance during litigation

How FRANSiS Ensures TCPA Compliance

FRANSiS was built for regulated industries where compliance is non-negotiable. The platform addresses TCPA requirements through automated consent management and audit trails, real-time opt-out processing across all standard keywords, 10DLC registration and ongoing compliance management, AI-powered message content scanning that flags potential compliance issues before transmission, and separate campaign management for healthcare-exempt and marketing messages to prevent content mixing.

Organizations using FRANSiS can focus on their communication strategy knowing that the compliance infrastructure operates automatically in the background.

Ready to See FRANSiS in Action?

Book a Demo: https://fransis.ai/demo

FAQ

What are the penalties for TCPA text messaging violations?

TCPA violations carry statutory damages of $500 per non-compliant message, which can increase to $1,500 per message for willful violations. Class action lawsuits involving thousands of messages regularly result in multi-million dollar settlements. Even smaller cases involving hundreds of messages can result in six-figure penalties.

Do nonprofits need written consent to send text messages?

No. Unlike commercial senders who generally need prior express written consent for marketing texts, nonprofits can operate with other forms of consent, including verbal consent or implied consent from a supporter providing their phone number. However, maintaining documentation of consent is strongly recommended to defend against potential complaints.

Can healthcare providers text patients without consent?

Healthcare providers can send automated texts to patient-provided phone numbers without separate express consent, provided the messages concern the patient's healthcare, are 160 characters or fewer, include opt-out instructions, and contain no billing or marketing content. This exemption is narrowly defined and does not cover promotional or non-healthcare messages.