MDLive, a Sunrise, Florida-based telehealth company, is facing a class-action lawsuit over allegations it does not protect the privacy of patients’ healthcare information.
The lawsuit was filed earlier this week in Florida federal court by plaintiff Joan Richards, an MDLive user. One of Richards’ attorneys, Dillon Brozyna, is with Edelson PC, a Chicago, Illinois-based firm.
Richards is seeking $5 million in damages.
The suit alleges MDLive takes screenshots during the first 15 minutes patients use its app, during which they are prompted to enter their health information. The suit claims MDLive takes an average of 60 screenshots during that time period.
According to the complaint, MDLive then sends these screenshots to a third party tech company, Tel Aviv, Israel-based TestFairy, without notifying patients. TestFairy tracks users’ experience and finds potential bugs within the MDLive app.
“[TestFairy] is a company that promotes itself as doing user analytics,” Christopher Dore, a partner at Edelson PC, told MedCity in a phone interview. “But of course, by using it in this type of app, the data that’s being captured is highly sensitive medical information and is then being shown to potential app developers and other employees that should never have access to this type of information.”
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
The suit also alleges patients’ information is accessible to certain MDLive employees via an unrestricted database.
“Despite the sensitive nature of patients’ medical history, MDLive fails to adequately secure or restrict access to the screenshots,” the complaint reads. “Specifically, MDLive grants its own developers and/or designers (and possibly third parties like TestFairy) unfettered access to patients’ medical history, without regard for whether those individuals require access in order to provide and/or improve the healthcare services provided by MDLive.”
MDLive did not respond to MedCity’s request for comment. However, an MDLive spokesperson told FierceHealthcare:
Protecting patient privacy and confidentiality is a top priority for MDLIVE. We have confirmed that patient information is safe and we have located no evidence of any breach of HIPAA. Our services, policies and procedures are designed to keep personally identifiable information secure and meet the strictest legal and regulatory standards. The claims of this lawsuit are entirely without merit, and we will immediately seek its dismissal.
This lawsuit also has broader implications for the field of telehealth. “Consumers need to be wary and concerned and companies need to be much more proactive in protecting information and informing consumers about what’s happening with that information,” Dore told MedCity.
Photo: SCIENCE PHOTO LIBRARY, Getty Images
