Alleged Patient Privacy Violations Means MDLive Faces Class Action Lawsuit

by | Apr 26, 2017

A class action lawsuit has been filed following an allegation claiming that telemedicine company MDLive violated the privacy of patients by releasing sensitive medical information to a third party without informing, or obtaining consent from, subscribednpatients.

App users are asked to enter in a range of sensitive information into the MDLive app during registration. However, the complainant alleges that, during the first 15 minutes of use the app takes an average of 60 screenshots. These screenshots are then sent to an Israeli company called Test Fairy, which conducts quality control tests for MDLive.

The class action lawsuit alleges that patients are not advised that their information is disclosed to a third-party company, and that all personal data entered into the app can be viewed by MDLive employees, despite the fact that  there is no reason for those employees to be able to view this personal data.

Subscribers to the app enter their medical information during setup in order to locate local healthcare providers. The types of information entered by users includes sensitive data such as current health conditions, recent medical treatments, behavioral health histories, family medical histories and details of any allergies. According to the lawsuit, the screenshots are “covertly” distributed to Test Fairy “in near real time.”

The lawsuit suggests patients using the app are likely to make the assumption that their data will be kept private and that reasonable security measures will be employed to prevent any public disclosures. However, the lawsuit states that “Contrary to those expectations, MDLive fails to adequately restrict access to patients’ medical information and instead grants unnecessary and broad permissions to its employees, agents, and third parties.”

The lawsuit was filed by the Illinois law firm Edelson PC with app subscriber Joan Richards named as the plaintiff. Typically, for a class action lawsuit to succeed, an unauthorized disclosure of medical information must result in harm being caused.

Edelson PC attorney Chris Dore stated, “Our complaint alleges that the harm is complete at the point that this information is collected without permission.”

MDLive claims that the class action lawsuit is “baseless,” saying that no data breach has occurred, HIPAA Rules have not been violated and any data entered into the app is secure. While data are disclosed to authorized third parties, those third parties are “bound by contractual obligations and applicable laws.” MDLive also claims any data disclosed is only used for the purpose for which that disclosure is made.

MDLive is seeking to have the class action lawsuit dismissed.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy