Health Billing Company Settles with FTC Over Deceptive Tactics
A settlement between the FTC and PaymentsMD was reached over a deceptive practice use to capture patient information.
- Across the healthcare landscape, organizations are looking for ways to improve operations through technology. One of the hottest trends is the use of patient portals for medical billing and patient satisfaction. These platforms allow patients to easily connect with their healthcare provider to make appointments, follow aftercare instructions, get simple questions answered and pay their bill. While the use of these systems has grown, organizations need to make sure they are properly presented and managed to be successful.
This week, the Federal Trade Commission (FTC) announced it has reached a settlement with health billing company PaymentsMD and its former CEO Michael Hughes. This stems from allegations that the company misled thousands of consumers who signed up for an online billing portal by failing to properly inform patients that it was seeking detailed medical information from pharmacies, medical labs and insurance companies.
“Consumers’ health information is as sensitive as it gets,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a press release. “Using deceptive tactics to gain consumers’ ‘permission’ to collect their full health history is contrary to the most basic privacy principles.”
The complaints against the company claim that the sign-up process for the “Patient Portal,” which allowed patients to view their billing history, was also used to “deceptively seek consumers’ consent” and obtain detailed medical information. This new portal was created in 2012 with the goal of providing comprehensive online medical records. For this database to be complete, the company needed to acquire medical information and altered the registration process to include permission for it and its partners to contact healthcare providers to obtain this data.
In the portal, the authentication process included multiple windows with and only six lines of “extensive text” at a time. All four of the authentications could be approved by clicking a single box. It was also presented as the consent was needed for medical billing.
Once approved, the company attempted to gather sensitive health information including prescriptions, procedures, medical diagnoses, lab tests performed and the results, and more. For some of this data, the company reached out to local pharmacies, not even knowing if the patients were customers there.
In every incident but one, the healthcare companies contacted for data refused to comply with requests, as they included requests about minors and individuals that were not customers or patients. Once patients were informed that PaymentsMD was seeking out this information, multiple complaints were received because consumers felt they had been swindled and were under the assumption that they had only signed up for the billing portal, not an online health record.
Under the settlement, PaymentsMD and Hughes agreed to destroy all information gathered and is banned from using deceiving tactics to gather information.
