Motion Filed to Dismiss ‘Baseless’ MDLive HIPAA Lawsuit

A motion has been submitted to dismiss a MDLive HIPAA lawsuit that was filed b y a plaintiff who alleges the firm improperly disclosed protected health information to a third party without informing or obtaining consent from users of the telehealth platform.

The MDLive HIPAA lawsuit was filed by plaintiff Joan Richards, who alleges MDLive takes screenshots of data entered on the app on multiple occasions during the first 15 minutes of use. During that time, users enter in sensitive data into the app in order to find a local healthcare provider.

The plaintiff alleges that those screenshots are sent to a third party – an Israel-based company called Test Fairy. The lawsuit alleges Test Fairy is provided with the screenshots to track users’ experiences and search for bugs in the app. However, the plaintiff alleges that users are not informed that their sensitive data are captured and sent to a third party and consent to share those data has not been obtained from users. The plaintiff alleges this is a privacy violation and a breach of HIPAA Rules.

In the motion to dismiss the MDLive HIPAA lawsuit, the telemedicine firm says the plaintiff’s claims are ‘misleading,’ that there has not been a data breach and that HIPAA Rules have not been violated. In the motion to dismiss the lawsuit, MDlive says the plaintiff’s claims are ‘baseless’.

MDLive has confirmed the Test Fairy tool is used and that data are supplied in order to perform specific data functions. However, the firm is under contract and must ensure all data remain confidential. MDLive CEO Scott Decker issued a statement saying “Our services, policies and procedures are designed to keep personally identifiable information secure and meet the strictest legal and regulatory standards.”

MDLive has published a fact sheet on its website confirming that no data breach has occurred and that patients’ data are safe and secure. The fact sheet explains that while Test Fairy is provided with certain data, the tool is used in the development of the app and that patient data from consultations with physicians are not disclosed at any point.

MDLive has also confirmed that consent to share data is obtained from users, as before use they use the app they are required to accept MDLive’s terms and conditions. In the T&Cs, patients are informed that MDLive may disclose personal information to contracted third parties. Therefore, the MDLive believes the plaintiff’s claims are entirely without merit.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news