Protecting your sensitive health information

Books closed, it’s time for a health privacy pop quiz. What online medical billing company did the FTC allege deceived consumers in an attempt to get their sensitive health information from pharmacies, health insurance companies, and medical labs?

A. Trapper John, M.D.

B. Doogie Howser, M.D.

C. House, M.D.

D. PaymentsMD

If you said PaymentsMD, you’re right. And if you’ve never heard of Trapper John, M.D., be thankful you’re still in that desirable 18 to 34 age bracket marketers love. But let’s get back to the issue at hand: protecting your sensitive health information.

According to the FTC’s complaint, PaymentsMD received authorization to collect customers’ health information for an online bill payment system and, without their customers’ permission, tried to use it for another purpose: to collect sensitive health information from third parties to create a comprehensive online medical record. The FTC says PaymentsMD tried to collect additional information about medical providers, procedures conducted and diagnoses given; detailed prescription information; lab information like test results; and information about what patients and their insurers paid.

Fortunately, all but one of the companies PaymentsMD contacted for sensitive health information refused to provide it.

PaymentsMD agreed to settle charges filed by the FTC. The company:

  • must delete any information it collected related to the comprehensive online medical record service;
  • can’t deceive consumers about the services for which they are registering;
  • can’t deceive consumers about how they collect and use sensitive health information; and
  • must get a customer’s authorization before collecting health information from a third party.

Before you provide sensitive health information to a website, find out why they need the information, how they’ll keep it safe, if they’ll share it, and with whom.

Tagged with: health, privacy


So, what's the name of the one company THAT DID PROVIDE sensitive health information?


I don't understand why they are allowed to operate. That should be jail time. As bad as identity theft which actually it was. Joe Consumer would be in jail a very long time. Place should be shut down.

The sad thing is doctors and other "medical professionals" (to include your pharmacist tech) pass private health information about you to "interested parties" all the time! These "interested parties" should be the doctors and others YOU designate. But privacy issues aside (evidently), doctors and others compile and pass info about you (and supported by laws that will be mandated by Obamacare) with regard to drug/alcohol use, sexual activity (HIV, too), chronic health issues (e.g., cancer), and mental health issues (is depression a mental illness?)Not to mention the Prescription Monitoring Program, a federally-mandated State program that records your use of all controlled substances (everything from Adderall to Testosterone to Oxy) . . . for the DEA's use. (Their charter says they gather the info to isolate individuals who may abuse/divert controlled substances. Nevertheless, now EVERYONE knows your business! Of you take oxy, someone (a potential employer) may ask why . . . You might offer that your spine was crushed in a horrible car accidents or your had cancer or you had menstrual cramps . . . whatever the reason you offer to put your "use" in context, you've now revealed frther personal information about yourself . . .)

It gets really old what has been done in databases with my name, both my sons and probably deceased relatives. Aetna, Ingenix, and who knows who else.

I'm good

It's a great preasure to join

Have you looked into my report yet? Getting scammed for 1300 dollars is know fun. But having a office lije yours and you do nothing about it hurts even more. Your office is suppost to protect the American people. Thank You Irma H

I'm too disgusted to even make a comment!

We're all at risk. Everything about us is out there somewhere. If someone is collecting large quantities of data, any one of us could be caught in the net. Taking precautions, staying aware, and suspecting anything that appears to be a hack or too good to be true, and using protective software - especially while online - is about all we can do as individuals. Large government and public entities should spend the dollars necessary to protect as much as they can.


Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.