Cloud-based electronic medical record (EMR) company Practice Fusion has agreed to settle an enforcement action with the FTC that alleges that it misled consumers when it solicited reviews of their doctors. The FTC alleges that Practice Fusion failed to tell consumers that the reviews would be posted on the internet, “resulting in the public disclosure of patients’ sensitive personal and medical information.”

According to the FTC, “Practice Fusion’s actions led consumers to share incredibly sensitive health information without realizing it would be made public.”

The FTC listed three examples of information consumers provided, which shows they thought the information would be shared only with the provider and not with the public. The examples include information relating to dosing of the anti-anxiety medication Xanax, help with a depressed child, and diagnosis of a yeast infection.

The settlement agreement will require Practice Fusion to stop misrepresenting how it will use, maintain and protect the confidentiality of the information it collects,  and must obtain consumers’ affirmative consent before making the information accessible to the public.

The agreement is open to public comment until July 8, 2016.