This is part three of a three-part series. Read part one here, and part two here. The articles first appeared on the Ontario Systems Blog and are republished here with permission.
Rarely does the Americans with Disabilities Act (ADA) present unique compliance issues for a web developer based on industry type. The visual and audio solutions most businesses and organizations must incorporate into their websites are one-time solutions that can be replicated over and over across all websites. While this is true for most, it is not true for third-party debt collection agencies, financial services organizations, companies that process electronic payments online, or healthcare providers. This is because these organizations must take into account the impact of the following laws and regulations when developing their ADA-compliant websites:
- Fair Debt Collection Practices Act (FDCPA);
- Electronic Funds Transfer Act (EFTA);
- Health Insurance Portability and Accountability Act (HIPAA);
- State licensing requirements;
- Gramm-Leach-Bliley Act (GLBA); and/or
- Service Members Civil Relief Act
Here is a list of requirements many web developers and consumer portal engineers forget to address when building consumer-facing websites and portals for members of the collection, financial services and healthcare industries:
- Authentication of the Consumer: Consumers who simply visit a consumer-facing website are window shoppers. But consumers who interact with a website to retrieve documents, make payments or learn more about their account or accounts are privacy risks who must be authenticated. Many companies ask consumers to establish an account with a user name and password before they may access personally-identifiable information (PII) or protected health information (PHI). Others provide the consumer, patient or guarantor with Personal Identification Numbers (PIN) they may use to access private, confidential information about their accounts.
- Federal and State Disclosures: The FDCPA and state debt collection laws require websites to include disclosures such as the Mini Miranda on consumer-facing websites. Don’t forget to include these disclosures on each page of the website.
- Audio Warnings: Consumers who are sight-impaired need to be forewarned about the impact of interacting with your site using an audio enhancement. Audio announcements that include the name of the collection agency, financial institution or healthcare provider may potentially reveal personal, private, confidential information protected by HIPAA and the GLBA and inadvertently disclose the existence of a debt to a third party. Provide the consumer with ample warning of audio enhancements so they may move to a private location or control the volume.
- Contact Information: Nothing is more frustrating than visiting a website that requires a detective to figure out how to communicate with the organization by phone, U.S. mail or email. Hours of business, consumer help lines, complaint forums and phone numbers should be prominently displayed, updated and monitored.
- Consumer Communication Preferences: In addition to making the site ADA compliant, remember to include a readily accessible page to collect the consumer’s communication preferences. Properly presented, websites serve as an excellent tool to obtain consent to call a cell, email, text, use a VoIP line, leave messages, identify best times to call, communicate with a spouse or communicate at special times of day. Don’t forget to include the required information about how the consumer may revoke consent for each of these communication preferences.
- Electronic Funds Transfer Act: Websites may be used to present consumers, patients and guarantors with payment options and tools. Once authenticated, use the website or payment portal to present the consumer with account and balance information, an itemization of interest, fees and charges, create the authorization for EFTA payments and credit card payments and obtain the consumer’s digital signature. Using a click agreement, you may obtain consent, authorization and signatures and present information about the process to stop payment or revoke the payment(s). Remember, Reg E requires any payee of a recurring, preauthorized, EFTA payment to send the consumer a copy of the “written authorization” “signed or similarly authenticated.” Use the website to confirm the consumer’s email or snail mail address. Do not assume your offer to allow the consumer to “print” the authorization is sufficient. Print does not equal send when it comes to consumer protection.
- Convenience Fees: Seek the advice of legal counsel before assessing a convenience fee. The FDCPA and the Consumer Financial Protection Bureau’s Guidance Bulletin of January 2017 establish whether, when and how a convenience fee may be assessed. Regardless of your interpretation of the law, in all cases provide the consumer with a free option to pay.
- Service Members Civil Relief Act: Make sure the consumers, patients and guarantors visiting your website are presented with an opportunity to claim protections under this Act, explain their active duty status, and learn more about their rights.
- License Number Disclosure: Many states and several cities require third-party debt collectors to prominently display their license number in all communications. This requirement extends to consumer-facing websites. Healthcare providers should also review state requirements to determine if information about licensure or accreditation is required.
For most readers, the information presented in this series is not a surprise. But it is often difficult to connect the dots between the various state and federal laws and regulations that protect consumers. For additional information about the ADA, please visit ADA.gov. For a review of your website’s compliance with requirements referred to in this article, please consult with independent legal counsel or reach out to the Ontario Systems Compliance Consulting Service team. We are here to help.