In a 5-0 vote, the Federal Trade Commission has approved final orders resolving complaints that an Atlanta-based physician billing company and its former CEO violated consumers’ privacy by collecting personal medical information without their consent.

Under settlements with FTC, PaymentsMD, LLC and Michael C. Hughes must destroy any information collected from an online billing portal used to mislead thousands of consumers who signed up for the service. They also are banned from deceiving consumers about the way they collect and use information, including how information might be shared with or collected from a third party. The company and Hughes also must obtain consumers’ affirmative express consent before collecting health information about a consumer from a third party.

In its complaints, the FTC alleged that PaymentsMD and Hughes altered the signup process for a consumer health billing site to include permission to collect consumers’ sensitive health information for an electronic health record portal site. According to the complaint, the company contacted health insurance companies, pharmacies, medical offices and labs seeking consumers’ health information, without adequately informing consumers that the company would be seeking such information.

Information requested included prescriptions, procedures, medical diagnoses, lab tests performed and the results of tests, among other information. However, in all but one case, those entities contacted for data refused to comply with the requests, given that they included requests for information about minors as well for individuals who were not customers of the companies that were contacted.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access