Medical billing provider settles with FTC for duping customers

An Atlanta-based health billing company and its former CEO have settled Federal Trade Commission charges that they deceived consumers about their company practices.

In the complaints, the FTC charged PaymentsMD and its former CEO, Michael C. Hughes, with utilizing the sign-up process for a patient portal as a means to deceptively gain consent to obtain detailed medical information.

PaymentsMD, a website where consumers could pay their bills, began developing a separate service known as Patient Health Report. To populate the record, the company needed consumers’ medical records and thus altered its registration process for the billing to include permission for the company and its partners to contact healthcare providers for their medical data, according to the agency.

Consumers consented to the collection of their health information by signing off on four authorizations that were presented in small windows, displaying only six lines of the extensive text at a time, which could be accepted by clicking one box to agree to all of the authorizations at once. Information requested included the prescriptions, procedures, medical diagnoses, lab tests performed and test results. The complaints allege the company contacted pharmacies located near the consumers, without knowing whether the consumers in question were customers of the particular pharmacy.

“Consumers’ health information is as sensitive as it gets,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection, in a statement. “Using deceptive tactics to gain consumers’ ‘permission’ to collect their full health history is contrary to the most basic privacy principles.”

Under the proposed settlement, PaymentsMD must destroy any information collected. In addition, they must obtain consumers’ affirmative express consent before collecting health information about a consumer from a third party, according to FTC.