Financial Services Law Developments: FYI: FTC Settles Inadequate NPI/Data Security Action w/ Debt Collector as "Unfair Act or Practice," Says Collecting from Consumers While in Medical Facility Raises Serious FDCPA Concerns

Friday, January 3, 2014

FYI: FTC Settles Inadequate NPI/Data Security Action w/ Debt Collector as "Unfair Act or Practice," Says Collecting from Consumers While in Medical Facility Raises Serious FDCPA Concerns

The Federal Trade Commission recently settled charges related to a company's inadequate protection of sensitive consumer information, based largely on the theft of an employee's laptop computer, containing 20 million pieces of information on 23,000 patients, from the passenger compartment of the employee's car.

FTC alleged that the company's inadequate data security measures unfairly exposed sensitive consumer information to the risk of theft or misuse, which the FTC alleged was an "unfair act or practice" in violation of Section 5(a) of the FTC Act, 15 U.S.C. 45(a).

Referencing the federal Fair Debt Collection Practices Act, but declining to recommend an FDCPA lawsuit "at this time," the FTC also stated that the practice of attempting to collect payment for prior debts from consumers while they are seeking treatment in an emergency room or other medical facility "raises serious concerns."

A copy of the complaint is available at:

http://www.ftc.gov/sites/default/files/documents/cases/131231accretivehealthcmpt.pdf

The FTC's complaint against the company alleged that the company failed to provide reasonable and proper security measures and procedures to protect consumers' personal information, including sensitive personal health data. The company had access to a wealth of personal information about its hospital clients' patients, including names, dates of birth, Social Security numbers, billing information, and medical diagnostic information.

The FTC's Complaint further alleged that the company's failure to adequately safeguard its sensitive information led to a July 2011 security breach where an employee's laptop computer, containing 20 million pieces of information on 23,000 patients, was stolen from the passenger compartment of the employee's car. The FTC alleged that the company created needless risks by transporting laptops that contained sensitive personal information in a way that left them vulnerable to theft.

The FTC's Complaint also alleged that the company failed to employ acceptable procedures to ensure that employees removed consumers' personal information that they no longer required from their computers. The FTC's Complaint further alleged that in certain instances, when the company used the personal health information of consumers in training sessions for employees, it failed to remove that information from employees' computers after the completing the training. In addition, the FTC alleged that the company failed to adequately restrict employee access to consumers' personal information based on an employee's need for the sensitive information.

Pursuant to the settlement, the company must design and implement a comprehensive information security program to protect consumers' sensitive information. The security program must be evaluated by a certified third party upon implementation and every two years thereafter for the next twenty years.

The FTC also sent a letter to the company stating that it would not recommend an enforcement action related to allegations regarding the company's debt collection attempts from consumers that are hospitalized. The FTC declined to recommend a Fair Debt Collection Practices Act case against the company at this time, but expressed serious concern over the company's alleged practice of attempting to collect payment for prior debts from consumers while they are seeking treatment in an emergency room or other medical facility.

The Commission voted 4-0 to accept the consent agreement package containing the proposed consent order. The FTC will soon publish a description of the consent agreement in the Federal Register. The consent agreement will be subject to public comment through Thursday, Jan. 30, 2014, after which the FTC will decide whether to finalize the proposed consent order.

The FTC invited interested parties to submit written comments electronically or in paper form, as described in the press release:

http://www.ftc.gov/news-events/press-releases/2013/12/accretive-health-settles-ftc-charges-it-failed-adequately-protect

Ralph T. Wutscher
McGinnis Wutscher Beiramee LLP
The Loop Center Building
105 W. Madison Street, 18th Floor
Chicago, Illinois 60602
Direct: (312) 551-9320
Fax: (312) 284-4751
Mobile: (312) 493-0874
Email: RWutscher@mwbllp.com

Admitted to practice law in Illinois

McGinnis Wutscher Beiramee LLP

CALIFORNIA | FLORIDA | ILLINOIS | INDIANA | WASHINGTON, D. C.

www.mwbllp.com

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.

Our updates are available on the internet, in searchable format, at:
http://updates.mwbllp.com

PLEASE NOTE:

The editor and sponsoring law firm of this blog represent and serve banks, lenders, loan buyers, loan servicers, debt collectors, and other financial services companies. We do not represent consumers.

Any communications or information obtained may be provided to our clients, including for the purpose of debt collection.

The information in this blog and related updates is general in nature, and should not be considered legal advice.

Legal advice requires a full and complete understanding of a particular situation. Your situation may involve material facts that prevent the direct application of the information in this blog and related updates.

You will not become a client of the editor or sponsoring law firm simply by reading this blog.

In order to become a client of the editor or sponsoring law firm, the editor or sponsoring law firm must agree to represent you in writing.

Until we agree to represent you in writing, we are not prevented from representing any other party.

Until you are a client of the editor or sponsoring law firm, any communications with us will not be confidential.

The Editor's Bio

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, 33rd Floor
Chicago, Illinois 60602
Direct: (312) 493-0874
RWutscher@MauriceWutscher.com
https://www.MauriceWutscher.com/

Ralph Wutscher's practice focuses primarily on representing depository and non-depository mortgage lenders and servicers, as well as mortgage loan investors, distressed asset buyers and sellers, loss mitigation companies, automobile and other personal property secured lenders and finance companies, credit card and other unsecured lenders, and other consumer financial services providers. He represents the consumer lending industry as a litigator, and as regulatory compliance counsel.

Ralph has substantial experience in defending private consumer finance lawsuits, including cases ranging from large interstate putative class actions to localized single-asset cases, as well as in responding to regulatory investigations and other governmental proceedings. His litigation successes include not only victories at the trial court level, but also on appeal, and in various jurisdictions. He has successfully defended numerous putative class actions asserting violations of a wide range of federal and state consumer protection statutes. He is frequently consulted to assist other law firms in developing or improving litigation strategies in cases filed around the country.

Ralph also has substantial experience in counseling clients regarding their compliance with federal laws, and with state and local laws primarily of the Midwestern United States. For example, he regularly provides assistance in connection with portfolio or program audits, consumer lending disclosure issues, the design and implementation of marketing and advertising campaigns, licensing and reporting issues, compliance with usury laws and other limitations on pricing, compliance with state and local “predatory lending” laws, drafting or obtaining opinion letters on a single- or multi-state basis, interstate branching and loan production office licensing, evaluations and modifications of new or existing products and procedures, debt collection and servicing practices, proper methods of responding to consumer inquiries and furnishing consumer information, as well as proposed or existing arrangements with settlement service providers and other vendors, and the implementation of procedural or other operational changes following developments in the law.

Ralph is a member of the Governing Committee of the Conference on Consumer Finance Law. He is also the immediate past Chair of the Preemption and Federalism Subcommittee for the ABA's Consumer Financial Services Committee. He served on the Law Committee for the former National Home Equity Mortgage Association, and completed two terms as Co-Chair of the Consumer Credit Committee of the Chicago Bar Association.

Ralph received his Juris Doctor from the University of Illinois College of Law, and his undergraduate degree from the University of California at Los Angeles (UCLA). He is a member of the national Mortgage Bankers Association, the American Bankers Association, the Conference on Consumer Finance Law, DBA International, the ACA International Members Attorney Program, as well as the American and Chicago Bar Associations.

Ralph is admitted to practice in Illinois, as well as in the United States Court of Appeals for the Seventh Circuit, the United States District Courts for the Northern and Southern Districts of Illinois, and the United States District Court for the Eastern District of Wisconsin, and has been admitted pro hac vice in various jurisdictions around the country.