Practice Fusion settles FTC charges it misled patients on data privacy

EHR vendor Practice Fusion has agreed to settle charges from the Federal Trade Commission that the company didn't adequately warn patients that answers they submitted to a survey would be made public.

Practice Fusion was planning to launch a public-facing healthcare provider directory in 2013 and solicited patient reviews of physicians using the vendor's platform to use in the directory. The complaint alleges Practice Fusion did not tell patients the reviews would be publicly posted online. 

Patients likely believed the information they shared in the reviews would not be seen by anyone other than their providers, according to the FTC, so many of them included their names, phone numbers and health-related information in the surveys. Some of the health information was included in the publicly posted reviews.

"Practice Fusion's actions led consumers to share incredibly sensitive health information without realizing it would be made public," Jessica Rich, director of the FTC's Bureau of Consumer Protection, said in a statement. "Companies that collect personal health information must be clear about how they will use it — especially before posting such information publicly on the internet."

Under terms of the settlement, Practice Fusion is prohibited from making deceptive statements about the privacy or confidentiality of information collected from patients, and is required to clearly disclose when information will be made public and obtain consent from consumers.

More articles on PHI:

Defunct Hawaii payer holds on to PHI, awaits instruction on data transfer from state government 
Thousands of NFL players' health data stolen from trainer's car 
Vendor breach exposes 87,000 Southeast Eye Institute patients' data 

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars