MDLive Class Action Says Telehealth App Secretly Collects Patient Info

MDLive Inc., the maker of an app patients use to consult medical personnel on their mobile phones, was hit with a class action lawsuit alleging the app, Telehealth, violates patient privacy by covertly capturing sensitive data and failing to securely transmit and store the data.

Lead plaintiff Joan Richards says the Telehealth mobile app secretly captures screenshots of patient information. The plaintiff alleges further that the data is stored in a manner that allows medical personnel and other MDLive employees to access it without restriction.

According to the class action, MDLive’s Telehealth app allows users to access doctors and therapists through their mobile phone or other device for $49. Unbeknownst to the users, a wide range of MDLive personnel and other third parties have access to the medical information the users provide.

The plaintiff alleges that the Telehealth app takes an average of 60 screenshots during the first 15 minutes the program is in use and, in fact, the app is programed that way. The plaintiff points out that during this time, users are generally registering and entering their medical history.

“Patients provide their medical information to MDLive in order to obtain health care services and reasonably expect that MDLive will use adequate security measures, including encryption and restricted permissions, to transmit patients’ medical information to treating physicians,” alleges the plaintiff in her complaint. “Contrary to those expectations, MDLive fails to adequately restrict access to patients’ medical information and instead grants unnecessary and broad permissions to its employees, agents, and third parties.”

According to the class action lawsuit, the app is programmed to solicit sensitive information, such as a person’s past medical procedures, including mental health status. This information is then made available to Telehealth app developers at MDLive, says the plaintiff.

“In short, the screenshots containing highly sensitive medical information are accessible to MDLive employees (and potentially unknown third parties) who have no reason or permission to see it,” argues the plaintiff in her complaint.

In addition, MDLive also sends that information to a third party, TestFairy, to evaluate the app, but does not ask for permission or for any feedback from users, alleges Richards.

“TestFairy,” notes the plaintiff in her complaint, “is not a health care provider and MDLive patients are not made aware that MDLive will send their medical information to TestFairy in near real time.”

The plaintiff is seeking to represent a nationwide Class of Telehealth app users along with a subclass of Utah residents. The class action claims include breach of contract, intrusion upon seclusion, fraud, unjust enrichment, violation of the Utah Truth in Advertising Law and violation of the Utah Consumer Sales Practices Act.

According to the class action, MDLive should pay more than $5 million in damages. The plaintiff is also seeking injunctive relief along with attorneys’ fees.

Richards is represented by Dillon Brozyna of Edelson PC.

The Telehealth Privacy Class Action Lawsuit is Joan Richards v. MDLive Inc., Case No. 0:17-cv-60760, in the U.S. District Court for the Southern District of Florida.

UPDATE: On June 2, 2017, the Telehealth Privacy class action lawsuit was voluntarily dismissed at the request of the plaintiff.