We continue to harp on issues relating to HIPAA compliance with our clients, collections of PHI (Personal Health Information), and marketing:
According to the commission, Atlanta-based PaymentsMD LLC and its former CEO Michael C. Hughes violated Section 5 of the FTC Act by using the signup process in its free patient portal billing service as a pathway to deceptively seek consumers’ consent to obtain detailed medical information about consumers.
In order to resolve the claims, the company and Hughes have agreed to destroy the sensitive data that had been deceptively collected. They are also banned from misleading consumers about the way they collect and use information, including how the data might be shared with or collected from a third party, and they must obtain consumers’ affirmative express consent before collecting consumers’ health information form a third party, according to the proposed consent order, which will now be subject to a 30-day public comment period.
“Consumers’ health information is as sensitive as it gets,” Jessica Rich, the director of the FTC’s Bureau of Consumer Protection, said in a statement Wednesday. “Using deceptive tactics to gain consumers’ ‘permission’ to collect their full health history is contrary to the most basic privacy principles.” Here’s another wakeup call for us.
Read more here