Blog Posts Tagged with Health Privacy
Flo Health pitched its Flo Period & Ovulation Tracker as a way for millions of women to “take full control of [their] health.” But according to the FTC, despite express privacy claims, the company took control of users’ sensitive fertility data and shared it with third parties – a broken promise that left consumers feeling “outraged,” “victimized,” and “violated.” Read on for details, including a notable feature in the proposed settlement.
To meet the needs of consumers who are injured or face a medical emergency while traveling, Scottsdale-based SkyMed International sells air evacuation plans and other services. The FTC’s action against SkyMed also involves consumer injury, but not of the fractured-femur-in-France variety. According to the FTC, SkyMed put consumers’ sensitive information at risk of compromise by failing to employ a robust data security program.
If you sell genetic testing kits to consumers, you’re probably familiar with the Genetic Information Nondiscrimination Act (GINA), which prohibits discrimination on the basis of genetic information under some circumstances. You’re also familiar with the Health Insurance Portability and Accountability Act (HIPAA), which protects health information collected by certain types of entities. Then there are laws enforced by the FDA and the Centers for Disease Control and Prevention that pertain to genetic testing kits.
Combine two of the most talked-about consumer protection topics – health privacy and consumer-generated online content – and what do you get? A proposed FTC settlement with Practice Fusion, the largest cloud-based electronic health records company in the country, and six compliance tips for others in the industry.
When a company promises to encrypt dentists’ patient data, but fails to live up to established standards, it shouldn’t come as a surprise that the FTC would bristle. A $250,000 proposed settlement with Henry Schein Practice Solutions, Inc., and a new FTC video remind companies to brush up on security-related data hygiene.
From a patient’s perspective, it was one of those “It seemed like a good idea at the time” innovations: a free online portal that lets people view their billing history with a number of different healthcare providers. But according to the FTC, Atlanta-based PaymentsMD, LLC and former CEO Michael C. Hughes signed consumers up for their service and then went on a medical information scavenger hunt without their permission.
Imagine doing a routine online search and having the search engine serve up files that include medical histories, notes from psychiatric sessions and children’s medical exams, sensitive information about drug abuse or pregnancy loss, and personal data like Social Security and driver’s license numbers. That suggests a breach that “uh-oh” doesn’t begin to cover. The FTC’s lawsuit against GMR Transcription Services –
Back in the day, consumers looking for a personalized product had to settle for a monogrammed hanky. GeneLink, Inc.
We’ve said it before, but it bears repeating: Glitch Happens. In the case of Accretive Health, Inc., it was a laptop taken from the passenger compartment of an employee’s car. What transformed this oops into a full-fledged uh-oh was that the laptop contained files with 20 million pieces of data about 23,000 patients, including sensitive health information. And according to the FTC’s lawsuit, the employee in question didn’t need all that
You spend a good portion of your time trying to protect sensitive information on your network from high-tech hijackers. That’s important, of course. But don’t let it take your eye off the risks posed by good old-fashioned — make that bad old-fashioned — theft. That’s the message businesses can take from the FTC’s settlement with cord blood bank, Cbr Systems, Inc.