FTC Settles With Medical Billing Company in Patient Consent Case
February 10, 2015 in News
The Federal Trade Commission has confirmed final orders to settle with medical billing company PaymentsMD and its former CEO Michael Hughes over charges that the company collected personal health data without appropriate patient consent, Health Data Management reports (Slabodkin, Health Data Management, 2/10).
Background on Case
According to FTC, as part of an effort to develop a separate Patient Health Report Service, PaymentsMD changed its registration process for its patient portal to include a request to authorize the company and its affiliated partners to contact insurers, medical labs and pharmacies to obtain patient data. Such data included patients’:
- Lab tests;
- Lab test results;
- Prescriptions; and
FTC said that PaymentsMD asked for four separate authorizations in small windows with only six lines of text at a given time and gave patients the opportunity to accept all the authorizations at once (iHealthBeat, 12/10/14).
According to Health Data Management, the entities in all but one case refused to comply with the data requests because they included information about minors and non-costumers.
FTC approved the settlement in a 5-0 vote.
Under the settlement, PaymentsMD must:
- Destroy any collected patient data; and
- Obtain affirmative express consent from patients before collecting their data from third parties.
PaymentsMD and Hughes also are prohibited from deceiving consumers about how their information is collected and used (Health Data Management, 2/10).