Blog Posts Tagged with Health Privacy

Health app broke its privacy promises by disclosing intimate details about users

Flo Health pitched its Flo Period & Ovulation Tracker as a way for millions of women to “take full control of [their] health.” But according to the FTC, despite express privacy claims, the company took control of users’ sensitive fertility data and shared it with third parties – a broken promise that left consumers feeling “outraged,” “victimized,” and “violated.” Read on for details, including a notable feature in the proposed settlement.

FTC says flight service winged it by leaving data unprotected in the cloud

To meet the needs of consumers who are injured or face a medical emergency while traveling, Scottsdale-based SkyMed International sells air evacuation plans and other services. The FTC’s action against SkyMed also involves consumer injury, but not of the fractured-femur-in-France variety. According to the FTC, SkyMed put consumers’ sensitive information at risk of compromise by failing to employ a robust data security program.

Selling genetic testing kits? Read on.

If you sell genetic testing kits to consumers, you’re probably familiar with the Genetic Information Nondiscrimination Act (GINA), which prohibits discrimination on the basis of genetic information under some circumstances. You’re also familiar with the Health Insurance Portability and Accountability Act (HIPAA), which protects health information collected by certain types of entities. Then there are laws enforced by the FDA and the Centers for Disease Control and Prevention that pertain to genetic testing kits.

FTC takes on toothless encryption claims for dental practice software

When a company promises to encrypt dentists’ patient data, but fails to live up to established standards, it shouldn’t come as a surprise that the FTC would bristle. A $250,000 proposed settlement with Henry Schein Practice Solutions, Inc., and a new FTC video remind companies to brush up on security-related data hygiene.

A pain in the privacy

From a patient’s perspective, it was one of those “It seemed like a good idea at the time” innovations: a free online portal that lets people view their billing history with a number of different healthcare providers. But according to the FTC, Atlanta-based PaymentsMD, LLC and former CEO Michael C. Hughes signed consumers up for their service and then went on a medical information scavenger hunt without their permission.

50th data security settlement offers golden opportunity to check your practices

Imagine doing a routine online search and having the search engine serve up files that include medical histories, notes from psychiatric sessions and children’s medical exams, sensitive information about drug abuse or pregnancy loss, and personal data like Social Security and driver’s license numbers. That suggests a breach that “uh-oh” doesn’t begin to cover. The FTC’s lawsuit against GMR Transcription Services –

When a data oops becomes an uh-oh

We’ve said it before, but it bears repeating: Glitch Happens. In the case of Accretive Health, Inc., it was a laptop taken from the passenger compartment of an employee’s car. What transformed this oops into a full-fledged uh-oh was that the laptop contained files with 20 million pieces of data about 23,000 patients, including sensitive health information. And according to the FTC’s lawsuit, the employee in question didn’t need all that

Bank data security (but not that kind of bank)

You spend a good portion of your time trying to protect sensitive information on your network from high-tech hijackers. That’s important, of course. But don’t let it take your eye off the risks posed by good old-fashioned — make that bad old-fashioned — theft. That’s the message businesses can take from the FTC’s settlement with cord blood bank, Cbr Systems, Inc.