HB Ad Slot
HB Mobile Ad Slot
The FTC Announces a Proposed Settlement Regarging Patient Data
Friday, December 12, 2014

When it comes to patient information, so much of the focus is on HIPAA. However, a proposed settlement announced on December 3, 2014 by the FTC serves as a reminder that the Federal Trade Commission (FTC) also enforces privacy matters. The FTC announced the proposed settlement with PaymentsMD, LLC and its former CEO for allegedly failing to adequately inform patients that it would seek detailed medical information from the patients’ health providers such as pharmacies, labs, and insurance companies. The FTC specifically alleged that the company operated a website for patients to pay their medical bills. The company later began developing a separate service to provide consumers with online medical records. To populate those records, the company allegedly needed to obtain the medical information. According to the FTC complaints, the company obtained patient authorization to collect the data through four authorizations on the website that were presented in small windows, displaying only six lines at a time of the extensive text. In addition, the complaints alleged that all four authorizations could be accepted by clicking just one box. The FTC also alleged that it was not made clear on the website that the patients would be giving permission to collect their medical information for the medical record product. Therefore, the FTC alleged that patients registering for the billing service would have reasonably believed that the authorizations were to be used for billing. Under the terms of the proposed settlements, the company and former CEO must destroy all patient information collected and are banned from deceiving consumers about the way they collect and use information. The FTC will publish a description of the proposed settlement in the Federal Register and the agreement will be subject to public comment through January 2, 2015. The important takeaway from this matter is that the even a disclosure allowed under HIPAA may subject a Covered Entity or Business Associate to FTC enforcement for practices that the FTC determines are “deceptive.” 

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins