An Atlanta-based service that allows customers to pay their medical bills online has reached a settlement with the Federal Trade Commission over allegations that it illegally obtained sensitive medical information on its customers.
The FTC contends that PaymentsMD and former CEO Michael Hughes failed to adequately inform their users that the company would use their purchase history to seek “highly detailed medical information from pharmacies, medical labs, and insurance companies.”
According to complaints, PaymentsMD also “deceptively” sought consumers’ consent to obtain detailed medical information about the consumers. That information was then used to create individual “Patient Health Reports” that included prescriptions, medical procedures and other medical history.
“Consumers’ health information is as sensitive as it gets,” said the FTC’s Jessica Rich, who serves as director of the Bureau of Consumer Protection. “Using deceptive tactics to gain consumers’ ‘permission’ to collect their full health history is contrary to the most basic privacy principles.”
According to the terms of the settlement, PaymentsMD and Hughes must destroy all information related to the so-called “Patient Health Reports.” Additionally, Hughes and PaymentsMD must be forthcoming with customers about how their information is collected and must get express permission from patients in order to share their medical information with third parties.