Protecting your sensitive health information
Books closed, it’s time for a health privacy pop quiz. What online medical billing company did the FTC allege deceived consumers in an attempt to get their sensitive health information from pharmacies, health insurance companies, and medical labs?
A. Trapper John, M.D.
B. Doogie Howser, M.D.
C. House, M.D.
If you said PaymentsMD, you’re right. And if you’ve never heard of Trapper John, M.D., be thankful you’re still in that desirable 18 to 34 age bracket marketers love. But let’s get back to the issue at hand: protecting your sensitive health information.
According to the FTC’s complaint, PaymentsMD received authorization to collect customers’ health information for an online bill payment system and, without their customers’ permission, tried to use it for another purpose: to collect sensitive health information from third parties to create a comprehensive online medical record. The FTC says PaymentsMD tried to collect additional information about medical providers, procedures conducted and diagnoses given; detailed prescription information; lab information like test results; and information about what patients and their insurers paid.
Fortunately, all but one of the companies PaymentsMD contacted for sensitive health information refused to provide it.
PaymentsMD agreed to settle charges filed by the FTC. The company:
- must delete any information it collected related to the comprehensive online medical record service;
- can’t deceive consumers about the services for which they are registering;
- can’t deceive consumers about how they collect and use sensitive health information; and
- must get a customer’s authorization before collecting health information from a third party.
Before you provide sensitive health information to a website, find out why they need the information, how they’ll keep it safe, if they’ll share it, and with whom.