The FTC Announces a Proposed Settlement Regarging Patient Data
Friday, December 12, 2014
The FTC Announces a Proposed Settlement Regarging Patient Data
Print Mail Download i

When it comes to patient information, so much of the focus is on HIPAA. However, a proposed settlement announced on December 3, 2014 by the FTC serves as a reminder that the Federal Trade Commission (FTC) also enforces privacy matters. The FTC announced the proposed settlement with PaymentsMD, LLC and its former CEO for allegedly failing to adequately inform patients that it would seek detailed medical information from the patients’ health providers such as pharmacies, labs, and insurance companies. The FTC specifically alleged that the company operated a website for patients to pay their medical bills. The company later began developing a separate service to provide consumers with online medical records. To populate those records, the company allegedly needed to obtain the medical information. According to the FTC complaints, the company obtained patient authorization to collect the data through four authorizations on the website that were presented in small windows, displaying only six lines at a time of the extensive text. In addition, the complaints alleged that all four authorizations could be accepted by clicking just one box. The FTC also alleged that it was not made clear on the website that the patients would be giving permission to collect their medical information for the medical record product. Therefore, the FTC alleged that patients registering for the billing service would have reasonably believed that the authorizations were to be used for billing. Under the terms of the proposed settlements, the company and former CEO must destroy all patient information collected and are banned from deceiving consumers about the way they collect and use information. The FTC will publish a description of the proposed settlement in the Federal Register and the agreement will be subject to public comment through January 2, 2015. The important takeaway from this matter is that the even a disclosure allowed under HIPAA may subject a Covered Entity or Business Associate to FTC enforcement for practices that the FTC determines are “deceptive.” 

© 2024 BARNES & THORNBURG LLP

Current Legal Analysis

More from Barnes & Thornburg LLP

FTC Passes Final Rule Banning Worker Non-Compete Agreements
by: Kendall Millard , Christopher Rubey
The Sun Comes Out on Earth Day: EPA Announces Recipients of $7 Billion Solar For All Grants
by: Bruce White
DOL Salary Rule Alert: White Collar Exemption Final Rule Released
by: Kathleen M. Anderson , Mark Wallin
FTC Approves Non-Compete Ban
by: Christopher Rubey
Will New EPA Strategic Civil-Criminal Enforcement Policy Promote Fairness In Case Selection?
by: Richard E. Glaze Jr. , Bruce White
Union Election Petitions and Labor Charges Continue Their Meteoric Rise
by: David J. Pryzbylski
HHS-OIG Highlights Anti-Fraud Safeguards for Patient Assistance Programs Backed Mainly By Drug Manufacturers
by: Jason D. Schultz , Thomas K. Petersen
Crossing The Border: Federal Circuit Confirms Patent Owner’s Ability To Recover A Reasonable Royalty Based On Foreign Activity
by: Heather B. Repicky
Did the Supreme Court Just Invite Greenhushing? Not So Fast …
by: Bruce White
U.S. Supreme Court Clarifies, and Broadens, Definition of "Transportation Worker" Under the Federal Arbitration Act
by: Michael Witczak

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins