Practice Fusion case makes 6 health privacy recommendations

What do you get when you combine two of the highest-profile consumer protection topics: health privacy and consumer-generated online content? A proposed FTC settlement with Practice Fusion, the largest cloud-based electronic health records company in the United States, and six compliance tips for other companies in the industry.

One of San Francisco-based Practice Fusion’s key products is an electronic records system for outpatient providers. In 2009, the company launched “Patient Fusion,” an online portal where patients whose providers already use Practice Fusion can view or download their health information or transfer it to other providers. Patient Fusion also allows patients to send and receive secure messages from their providers.

A few years later, the company decided to expand Patient Fusion to include a public directory where current and potential participants can search for doctors by geography or specialty, read patient reviews of providers and request an appointment. But Practice Fusion had to ask itself a question familiar to many online companies: How do we get content — in this case, patient reviews? This is the focus of the FTC lawsuit.

According to the complaint, Practice Fusion collected data in a misleading manner that led some patients to believe they were sending follow-up information about diagnoses, treatments, prescriptions, etc. directly to their doctors, rather than providing content to a public website. However, Practice Fusion has populated its new website with information provided by these individuals, some of which is highly sensitive.

Here’s the thing. After making an appointment with a doctor, patients receive an email titled “How was your visit?” The message continues, “To help you improve your service in the future, please let us know about your visit,” and includes a link with a rating star. The message ended like this:

Thank you,
PhD. [Name]

The message reads in the footer: “This email was sent to you by Patient Fusion® (Doctor Tools). [Name] To provide the highest quality care to patients. ” Below it in smaller font it says “Sending on Behalf of Doctor” [Name]The Office: Practice Fusion. “

If patients click on the link, they are taken to a page asking for feedback on how long they will have to wait for an appointment, the doctor’s bedside manner, and whether their medical concerns are being addressed.

There is also a text box that invites patients to “leave a review for your provider.” Below is a pre-checked box that says “Keep this comment anonymous.”

What do some people put in that box? Highly sensitive information is sent directly to their doctors, rather than shared publicly for evaluation. Here are just a few examples:

  • “PhD [name], the Xanax prescription I received on Monday was for 1 pill a day, but normally it is 2 pills a day. I haven’t taken it to the pharmacy yet. Can I buy a new one, or can I go to the pharmacy and get a prescription? Thanks, [patient’s full name]
  • “I called today and left a message about my daughter but no one has returned my calls. I think she is depressed and has stated multiple times this week that she wishes she was dead. Can someone please call me [phone number]? “
  • “Cefoxime axetil doesn’t seem to be doing anything for me. I’ve done some research and I think I have a yeast infection called candida. Not sure what to do yet. I think I’ll try changing my diet first Habits. Drugs? [patient’s full name]
  • “I would like to make an appointment to treat my back pain and possible shingles. Can you call me@ [phone number]? Thank you! [patient’s full name]”
  • “I don’t have an infection [healthcare provider name]. Everything went well after my visit so it’s my chemo day…Thanks Hope I’ll see you at Methodist Hospital tomorrow…Thanks… [patient’s full name]”

The smallest, lightest font on the page reads “To protect your interests, please do not include any personal information.” But the FTC said the information some patients entered into the box (full name, phone number, prescription received or surgery performed) indicated that they believed they were sending follow-up questions directly to the doctor’s office.

How about that pre-checked “Keep this comment anonymous” box? According to the FTC, it does not anonymize what patients write. Instead, it simply affects whether it appears “anonymously” or under the patient’s name on the public Patient Fusion website.

The FTC said this continued for about a year until ” Forbes Highlights the sensitivity of some of the comments and questions posted in the text box posted on Patient Fusion. At the time, the company implemented automated procedures to prevent the publication of reviews in which consumers entered personal information.

In a separate complaint, the FTC alleges that Practice Fusion explicitly or implicitly communicated investigation responses to consumers’ health care providers but failed to adequately disclose that it would also publicly release investigation responses. According to the FTC, this fact is important for consumers to decide whether or how to respond to this survey.

In order to resolve the case, Practice Fusion agreed not to misrepresent the extent to which it uses, maintains and protects the privacy and confidentiality of any information involved. Additionally, if a company wants to disclose covered information to consumers, it must first: 1) clearly and conspicuously disclose to consumers—separate from a privacy policy, terms of use page, or similar document—its intent to disclose the information; 2) Obtain explicit consent from consumers.

The terms of the settlement apply only to Practice Fusion, but others in the industry can learn lessons.

If personal health information is involved, please handle it with special caution. Consumers are concerned about the confidentiality of their health information, and they have good reason to be. Given how much is at stake, industry members note the need to proceed with caution.

Explain your intentions. Especially with new products and services, don’t assume consumers share your expertise. Be straightforward and use simple words to explain what you want to do with their material.

Obtain explicit consent from consumers before publicly disclosing sensitive information. Companies interested in winning loyal customers (and staying out of legal quicksand) will ask consumers for permission before disclosing personal data and wait for a clear “yes” before proceeding. When health care information goes awry, now is not the time to plead with negative options or other less clear methods of consent.

Disclosure should reach and engage consumers. Healthcare IT is attracting companies that may not be familiar with the Commission’s approach, so here’s some FTC 101: If disclosure is necessary to prevent deception, the information must be clear and compelling. For the FTC, “clear and conspicuous” is a performance criterion, not font size. Pretty footnotes, dense blocks of text, jargon-filled puns, or cryptic hyperlinks will probably not cut it. So if companies need to disclose information, how can they make it clear and conspicuous? Here’s a rule of thumb: When you really want to grab a potential customer’s attention, think about the eye-catching methods you use regularly—graphics, color, large fonts, prominent placement, clear wording, etc.

Don’t hide key facts in a privacy policy that’s difficult to understand. You’ll have to read the complaint to learn the details, but after Practice Fusion began collecting and publishing consumer survey results, it changed the content in its privacy policy without explicitly disclosing the information on the survey page itself. Of course, a company’s privacy policy and terms of use pages should be accurate and easy to understand, but it would be unwise to rely on these pages as the sole means of communicating key details (for example, that you intend to publicly release a consumer’s sensitive health information).

See FTC Business Resources. Companies that are only used to HIPAA may not be familiar with the FTC’s practices. Visit the Business Center to learn about compliance basics. For example, .com Disclosure: How to Disclose Effectively in Digital Advertising discusses how to clearly communicate important messages online. The Mobile Health App interactive tool can help you determine which federal law (and there may be more than one) applies to your business. Mobile Health App Developers: FTC Best Practices for Good Privacy and Security.

The FTC will accept public comments on its proposed settlement with Practice Fusion until July 8, 2016.

Source link



from Tech Empire Solutions https://techempiresolutions.com/practice-fusion-case-makes-6-health-privacy-recommendations/
via https://techempiresolutions.com/

from Tech Empire Solutions https://techempiresolutions.blogspot.com/2024/01/practice-fusion-case-makes-6-health.html
via https://techempiresolutions.com/

Comments

Post a Comment

Popular posts from this blog

Perfecta grill uses AI to help cook steaks in 90 seconds

Image
CES is increasingly becoming a barbecue show, and companies are constantly looking for ways to bring more technology to your deck or patio. One company adding artificial intelligence technology to its spice racks is Seergerills, a British startup made up of engineers and product developers. Its flagship model, the Perfecta, can cook a one-inch-thick rib-eye steak in 90 seconds. Overall, the company says the grill looks more like a see-through countertop oven and cooks food about 10 times faster than traditional cooking methods. Inside, dual vertical infrared burners cook both sides simultaneously, which not only speeds up the process but also eliminates the need for flipping. Seergerills says the burner has a maximum temperature of 1,652 degrees Fahrenheit, and the unit even ensures crisp edges thanks to 360-degree heating. The built-in artificial intelligence chef calculates the appropriate cooking time and temperature based on the food, taking into account the desired degree of done
Read more

John Wick heads to Vegas to visit interactive attractions

Image
image: Lionsgate If you’ve ever wanted to fully immerse yourself in John Wick , Lionsgate has got you covered. Later this year, action series is becoming “immersive and interactive” tourist attractions In Las Vegas. Grace Byers on horror and comedy in ‘The Dark’ According to the press release, John Wick Experience Produced in collaboration with series director Chad Stahelski and his production company 87Eleven. The 12,000-square-foot exhibit at the city’s AREA15 campus lets visitors “experience high-stakes adventures and visit themed bars and retail stores open to the public.” Guests will be given specific tasks involving characters and images from the film. They’ll also rub shoulders with Continental employees, crime bosses, and other assassins who (presumably) don’t come into contact with Wick’s bad side at any point in the movie, all in an effort to gain access to private Continental areas and learn about the interesting secret. Jenefer Brown, exec
Read more

Ford prepares for next war, Waymo recalls its self-driving car software, another self-driving startup lays off employees

Image
TechCrunch Mobility is a weekly newsletter dedicated to all things transportation. Sign up here – just click TechCrunch Mobility – and get the newsletter in your inbox every weekend. Subscription is free. welcome back TechCrunch Mobile — A central hub for news and insights about the future of transportation.This week’s news includes BMW Security breach exposes sensitive information, federal agencies fight back against Tesla super bowl ad and a new federal investigation Fisker . But first, I want to talk about my recent visit to the law, where I met some people Ford Executives understand their priorities for 2024 and beyond. It can be said with certainty Chinese electric vehicle manufacturer and Tesla is the most important; in the view of Ford executives, low-cost electric vehicles and cutting-edge software are the best ways to stop these threats. The company’s recently revealed Skunk Works project for electric vehicles is tasked with this task. Ford Chief Financial Officer J
Read more