MDLive filed a motion to dismiss a class-action lawsuit that claims the telehealth provider failed to maintain patient privacy, arguing that users knew their information was being shared with a third party.
In a motion submitted to a Florida federal judge earlier this week, MDLive included the company’s privacy policy and its terms of use that allowed the telehealth provider to share limited user information with third-party contractors.
Two weeks ago, MDLive user Joan Richards filed a class-action lawsuit claiming the company took continuous screenshots during the first 15 minutes of use while patients were entering their medical history. Richard alleged that information was shared with TestFairy, an Israel-based company contracted to identify bugs and track user experience, without the consent of app users. In a statement to FierceHealthcare, MDLive denied the allegations, adding that it had confirmed no evidence of a HIPAA breach.
Related: MDLive faces class-action lawsuit over privacy concerns
Lawyers for MDLive argued that the claims were baseless, pointing to specific language within the user agreement that allows the company to share user information with companies contracted to improve the app's usability.
“Richards’s failure to rely on the actual Terms of Use Contract available on that site, to which every user must affirmatively assent in order to gain access to MDLIVE, is ironic and telling,” the motion stated. “The reason for her avoidance of the contract is clear: MDLIVE’s Terms of Use Contract exposes her lawsuit as baseless.”
MDLive’s privacy policy states the company may disclose personal information provided by users “to contractors, service providers and other third parties we use to support or business.” The motion for dismissal also included screenshots of MDLive’s app illustrating registration process in which users must agree to the terms of use before creating an account.
Related: Datapalooza17—OCR and FTC carve out nuanced approaches to privacy oversight
The latest wrinkle in the case underscores the importance of the language within a privacy policy, an issue that representatives with the Department of Health and Human Services’ Office for Civil Rights and the Federal Trade Commission highlighted during a recent session at Datapalooza.