March 19, 2018

March 19, 2018

Subscribe to Latest Legal News and Analysis

Patients File Class Action Against MDLive Inc. Claiming it Wrongfully Collects and Shares Sensitive Health Information

A class action suit filed in the U.S. District Court of the Southern District of Florida has accused national telehealth provider and mobile application developer MDLive of designing the MDLive App that secretly captures patients’ sensitive health information and unbeknownst to the patients, transmits their health information to an off-shore third party tech company. The suit also alleges that contrary to MdLive’s representation that it respects and takes patient privacy “very seriously,” MDLive fails to restrict access to a patient’s health information only to the patient’s healthcare provider but instead grants broad access to its employees (including software developers), agents and third parties. The suit also alleges that MDLive breached its contract with the patients by failing to implement adequate security measures to ensure that access to their health information was appropriately restricted (such as through the use of encryption). 

The plaintiff, Utah resident Joan Richards, seeks to certify a class that she estimates will number in the thousands. The complaint includes counts for breach of contract, intrusion upon seclusion, fraud, unjust enrichment, violation of the Utah Truth in Advertising Law and Consumer Sales Practices Act, and seeks injunctive relief, damages over $5 Million and attorney’s fees. 

MDLive’s website states that its “industry-leading HIPAA and PHI-compliant, cloud-based platform helps consumers, health plans, health systems and self-insured employers obtain better, faster care that’s more convenient than visiting a doctor’s office and far more cost-effective than going to the ER or Urgent Care for routine ailments.” 

According to the complaint, MDLive created the MDLive App which promises consumers “Virtual Healthcare, Anywhere”, and through this App offers patients remote access to healthcare providers via telephone or video chat for a fee of $49. Patients must first download the App and must enter their medical history, including their allergies, health conditions, behavioral health history, family medical history, and any recent procedures. Under the “Behavioral Health History” category, patients are asked to specify what health conditions they suffer from, such as bipolar disorder, substance abuse, schizophrenia, depression, etc.

The App claims that it can connect users with a doctor within 15 minutes and that all personal medical information will remain confidential. During these first 15 minutes of access, the App “continuously takes screenshots of patients’ screens”, alleged to be, “an average of 60 screenshots”. The App is programmed to transmit those screenshots to an overseas third party tech company, Test Fairy. Test Fairy claims that by directly tracking user interactions within an app, it can eliminate the need to obtain feedback from beta testers.

This class action suit lawsuit underscores that companies must be mindful not only of the potential applicability of HIPAA but also state privacy, consumer protection and other laws. For example, a privacy policy may be used to support a breach of contract or fraudulent misrepresentation claim. As new technologies and practices emerge, companies should continue to periodically verify that their collection, use, and disclosure of personal information are in accordance with their published privacy policies and notices. 


© Polsinelli PC, Polsinelli LLP in California


About this Author

Jean Marie R. Pechette, Polsinelli, Business Strategy Attorney, Life Sciences Industries lawyer

Jean Pechette is a creative yet practical thinker who partners with clients and fully engages in assisting them to achieve their matter-specific goals by first understanding their overall business strategies. Jean has over 20 years of experience in information technology, privacy and intellectual property law, with a focus on health care and life sciences industries, including serving as a division general counsel for a Fortune 50 company.  She brings to clients a unique perspective to help them navigate novel and complex technology-related problems.

Jarno Varno, Privacy Attorney, Polsinelli Law FIrm

Jarno Vanto's strengths lie in his ability to intimately understand each client’s specific industry technology and his awareness of the complex international environment. His extensive international experience allows him to provide a differentiated perspective to clients on privacy, cyber security, intellectual property, and corporate matters. 

Clif Ruch, Privacy Attorney, Polsinelli Law Firm

Clif Ruch is passionate about the new and exciting challenges that technological advancement presents to each unique business environment. He draws upon a rich history of practicing in-house with a leading technology corporation, and he leverages that experience to provide unique insight to the business impact of software and data use agreements. Clif has extensive experience drafting and negotiating agreements for Software as a Service (SaaS) and Application Service Provider (ASP) software, cloud storage arrangements, data rights and use contracts, and IT security provisions.