How Was Your Visit? The FTC’s Latest Lesson About Soliciting & Disclosing Consumer Feedback

Published On June 9, 2016 | By Kandi Parsons | FTC & State AG
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

In a settlement with Practice Fusion, the Federal Trade Commission (FTC) alleged that the electronic health records provider tricked consumers into believing they were providing feedback to their doctors when in fact, the company populated its online provider directory with the reviews.

The complaint alleged that Practice Fusion emailed “How was your visit” surveys to patients following doctors’ visits and requested the patients rate and submit comments about their providers. The surveys indicated they were sent on behalf of specific physicians and did not inform patients the reviews would be made public. An option to keep the review anonymous only resulted in it being posted under an “anonymous” handle but did not remove any identifying or sensitive health information from the comments box. The survey contained a link to Practice Fusion’s patient authorization terms, which stated that the company could publish the review. Users had to click they agreed to the authorization but did not have to open or read it in order to accept the terms. The FTC alleged that, given all the facts, this disclosure was not adequate. After a year of accumulating responses, the company launched its provider directory with over 600,000 patient reviews, some of which included consumers’ names, phone numbers, and sensitive health information such as medical conditions, procedures, medications, and questions to physicians.

Under the settlement, Patient Fusion has to clearly inform individuals, separate from a privacy policy or terms, if it plans to publicize patient information and obtain affirmative consent to do so. The case serves as a reminder to inform customers in advance and in a meaningful way how you will use their information, particularly if you plan to publicize or use sensitive information.

 

About The Author

Kandi counsels clients on privacy and data security issues, online and general advertising, and marketing practices, including COPPA compliance, student privacy, and the Internet of Things. Kandi advises companies on collecting, protecting, and using consumer data and helps them develop and implement comprehensive privacy and security programs. Drawing on her tenure at the FTC, Kandi assists clients in responding to FTC and state AG enforcement actions. Prior to joining ZwillGen, Kandi spent eight years in the FTC’s Division of Privacy and Identity Protection. While at the FTC, Kandi served on detail for six months to the United States Senate, Committee on Commerce, Science, and Transportation.

Leave a Reply

Your email address will not be published. Required fields are marked *