Class Action Initiated Against Telehealth Provider for Disclosure of Sensitive Information

Robinson+Cole Data Privacy + Security Insider

A class action was filed in Fort Lauderdale, Florida this week against a national telehealth provider, MDLive Inc. (MDLive), for its mobile app’s alleged secret capture of screenshots containing sensitive patient information without restricting access to medical providers who have a legitimate need to view the information. The lawsuit was filed by Utah resident Joan Richards, who is seeking certification of a class that she estimates will include thousands of other MDLive users, and more than $5 million in damages.

In Richards’ complaint, she alleges, “Patients provide their medical information to MDLive in order to obtain health care services and reasonably expect that MDLive will use adequate security measures, including encryption and restricted permissions, to transmit patients’ medical information to treating physicians [. . .] Contrary to those expectations, MDLive fails to adequately restrict access to patient’s medical information and instead grants unnecessary and broad permissions to its employees, agents and third parties.” Richards’ complaint further alleges that MDLive programmed its app to capture an average of 60 screenshots during the first 15 minutes that the app is open on a user’s device, which is the same amount of time it takes a new user to register for an account, enter their medical history and connect with a doctor. During this timeframe, the app also prompts the user to enter sensitive information such as details about allergies, past medical procedures and behavioral health history, including conditions such as obsessive compulsive disorder, bipolar disorder, schizophrenia, depression and substance abuse.

Richards’ complaint also states that MDLive sends these screenshots to TestFairy, a third-party technology company based in Tel Aviv, Israel, that works with MDLive to “insert the necessary hooks to gather information” about the user’s experiences with the app to improve the app and detect bugs. However, Richards’ concern is that TestFairy is not a health care provider and MDLive patient users have not been informed that MDLive intends to send their medical information to TestFairy in near real time.

The class action includes claims for breach of contract, intrusion upon seclusion, fraud, unjust enrichment, violation of the Utah Truth in Advertising law, and violation of the Utah Consumer Sales Practices Act.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
