Payment Collection Service Snatched Customer Medical Data

PaymentsMD, an online tool that lets consumers pay their medical bills, neglected to inform patients that it would try to collect and profit off of detailed personal information from their pharmacies, medical labs and insurers.

Under a Federal Trade Commission settlement, the company must destroy any medical information it collected for its separate online medical records service, called Patient Health Report.

PaymentsMD “deceptively” used the sign-up process for its billing service to seek customers’ consent to obtain detailed medical information, the FTC said in a press release.

PaymentsMD began developing a separate online medical records service in 2012. To populate the medical records, the company altered the registration process for its billing service to include permission for the records service to contact health care providers to obtain patient data.

The company asked customers to agree to the “collection of their health information by signing off on four authorizations presented in small windows on the website, displaying only six lines of an extensive text at one time. . . Customers could accept all four authorizations by clicking one box,” Network World reports.

Customers registering for the Patient Portal billing service believed that the authorizations were for billing, not for the collection of medical records.

The medical information PaymentsMD requested included customers’ prescriptions, procedures, medical diagnoses, lab tests performed and their results, and other information.