An Atlanta-based medical billing company and its former CEO recently settled Federal Trade Commission charges they misled consumers who signed up for online billing by not adequately informing them that the company would gather detailed medical information from pharmacies, medical labs and insurance companies.
The FTC charged that PaymentsMD, LLC and former CEO Michael C. Hughes, used the sign-up process for a patient portal (which allows patients to gain access to their billing and medical information) as a means to deceptively seek consumers’ consent to get a hold of detailed medical information.
“Consumers’ health information is as sensitive as it gets,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Using deceptive tactics to gain consumers’ ‘permission’ to collect their full health history is contrary to the most basic privacy principles.”
The settlement terms require PaymentsMD and Hughes to destroy any collected information that is related to the Patient Health Report service. They must also be forthright with consumers about their process for collecting and using information, including how this information might be shared with or collected from a third party. In addition, they are required to obtain consumers’ consent before gathering health information from third parties.