Sunrise, Florida-based telehealth service provider MDLive is apparently facing a class-action lawsuit over allegations it does not protect the privacy of patients' healthcare information.
Filed last week in Florida federal court by plaintiff Joan Richards, an MDLive user, who is seeking $5 million in damages.
The suit alleges MDLive takes an average of 60 screenshots screenshots during the first 15 minutes patients use its app, during which they are prompted to enter their health information. From here, these screenshots are apparently sent to a third-party tech company — Tel Aviv, Israel-based TestFairy, without notifying patients. TestFairy tracks users' experience and finds potential bugs within the MDLive app.
Moreover, the suit also alleges patients' information is accessible to certain MDLive employees via an unrestricted database.
"Despite the sensitive nature of patients' medical history, MDLive fails to adequately secure or restrict access to the screenshots," the complaint reads. "Specifically, MDLive grants its own developers and/or designers (and possibly third parties like TestFairy) unfettered access to patients' medical history, without regard for whether those individuals require access in order to provide and/or improve the healthcare services provided by MDLive."
Expectantly, MDLive's spokesperson reacted, saying to FierceHealthcare that protecting patient privacy and confidentiality is a "top priority for MDLIVE," adding, "we have confirmed that patient information is safe and we have located no evidence of any breach of HIPAA. Our services, policies and procedures are designed to keep personally identifiable information secure and meet the strictest legal and regulatory standards. The claims of this lawsuit are entirely without merit, and we will immediately seek its dismissal."
The suit will undoubtedly shake the entire telehealth sector, which in turn will have to include additional measures to protect the patients' privacy. More to come, obviously.