Federal Trade Commission approves orders in complaints against Payments DD and its former CEO
February 8, 2015 |
On 5 December 2014 I posted on the settlement of charges by hte in a complaint against PaymentsMD and its former CEO, Michael Hughes. On 6 February 2015 the Federal Trade Commission (The “FTC”) approved final orders in the PaymentsMD Privacy case. The FTC is turning into as good a regulator on privacy related issues as the legislation permits. Far more effective than Australian and New Zealand regulators. In Australia the powers are there to be very a effective effective regulator. The enforcement policy as provided to date is vague enough to permit significant action without too many internal constraints. And anecdotal evidence points to the no shortage of poorly complying organisations. It really comes down to the spirit may be willing, perhaps, but the flesh is weak, most definitely.
The media release provides:
After a public comment period, the Federal Trade Commission has approved final orders resolving complaints that PaymentsMD, LLC and its former CEO, Michael C. Hughes, violated consumers’ privacy by collecting personal medical information without their consent.
The settlements were first announced in December, 2014. In its complaints, the FTC alleged that Payments MD and Hughes altered the signup process for a consumer health billing site to include permission to collect consumers’ sensitive health information for an electronic health record portal site. According to the complaint, the company contacted health insurance companies, pharmacies, medical offices and labs seeking consumers’ health information, without adequately informing consumers that the company would be seeking such information.
Under the terms of the settlements, PaymentsMD and Hughes must destroy any information collected related to the Patient Health Report service. In addition, the respondents are banned from deceiving consumers about the way they collect and use information, including how information they collect might be shared with or collected from a third party, and they must obtain consumers’ affirmative express consent before collecting health information about a consumer from a third party.
[…] Federal Trade Commission approves orders in complaints against Payments DD and its former CEO […]