After a public comment period, the Federal Trade Commission has approved final orders resolving complaints that PaymentsMD, LLC and its former CEO, Michael C. Hughes, violated consumers’ privacy by collecting personal medical information without their consent.
The settlements were first announced in December, 2014. In its complaints, the FTC alleged that Payments MD and Hughes altered the signup process for a consumer health billing site to include permission to collect consumers’ sensitive health information for an electronic health record portal site. According to the complaint, the company contacted health insurance companies, pharmacies, medical offices and labs seeking consumers’ health information, without adequately informing consumers that the company would be seeking such information.
Under the terms of the settlements, PaymentsMD and Hughes must destroy any information collected related to the Patient Health Report service. In addition, the respondents are banned from deceiving consumers about the way they collect and use information, including how information they collect might be shared with or collected from a third party, and they must obtain consumers’ affirmative express consent before collecting health information about a consumer from a third party.
The Commission votes to approve the final orders were 5-0.