Online therapy provider BetterHelp faced the consequences of sharing users' sensitive mental health information with third parties for advertising purposes.
The Federal Trade Commission (FTC) has imposed a $7.8 million fine on online therapy provider BetterHelp and banned the company from sharing sensitive mental health information with third parties such as Facebook, Snapchat, Criteo, and Pinterest.
The decision follows the FTC's discovery that BetterHelp violated its privacy promises and mishandled users' mental health information, raising questions about its compliance with the Health Insurance Portability and Accountability Act (HIPAA).
BetterHelp assured users that their personal health data would only be used for limited purposes, such as providing counseling services. However, the FTC's investigation revealed that the company shared consumers' email addresses, IP addresses, and health questionnaire information with third parties for advertising purposes. The FTC also found that BetterHelp did not obtain users' affirmative express consent before disclosing their health data.
According to the FTC, BetterHelp used targeted advertising to boost revenue by leveraging consumers' sensitive information. The company gained tens of thousands of new paying users and millions of dollars in revenue by identifying and targeting similar consumers.
The FTC's complaint also highlighted that BetterHelp failed to maintain sufficient policies or procedures to protect sensitive information, neglecting to limit how third parties could use consumers' health data. This allowed companies like Facebook to use the information for their own internal purposes, such as research and development or improving advertising.
In response to BetterHelp's privacy violations, the FTC has imposed a $7.8 million fine and banned the company from sharing sensitive consumer data with third parties. This enforcement action sends a strong message to telehealth providers about the importance of adhering to privacy regulations and maintaining user confidentiality.
Samuel Levine, Director of the FTC's Bureau of Consumer Protection, stated, "When a person struggling with mental health issues reaches out for help, they do so in a moment of vulnerability and with an expectation that professional counseling services will protect their privacy. Instead, BetterHelp betrayed consumers' most personal health information for profit. Let this proposed order be a stout reminder that the FTC will prioritize defending Americans' sensitive data from illegal exploitation."
As part of the settlement, BetterHelp is required to obtain users' express consent before sharing their sensitive information with third parties, implement a comprehensive data security program, and undergo biennial assessments by a third party to ensure compliance with privacy regulations.
The FTC's decision emphasizes the need for continuous oversight and regulatory enforcement in the telehealth industry to ensure patient privacy and trust in digital healthcare services. The case highlights the importance of obtaining explicit user consent, implementing proper data security measures, and setting clear limitations on third-party use of sensitive information.
Related: HIPAA Compliant Email: The Definitive Guide
Users should be aware of the data they share with telehealth service providers and the potential risks associated with data misuse or unauthorized disclosure. Consumers are encouraged to familiarize themselves with telehealth providers' privacy policies and seek services from platforms that prioritize and demonstrate compliance with privacy regulations.
As the telehealth industry grows, companies must prioritize ethical data practices, HIPAA compliance, and robust security measures to maintain consumer trust and ensure the long-term success of digital healthcare services. Government agencies, such as the FTC, play a crucial role in balancing innovation in digital healthcare services with protecting consumer privacy, particularly as telehealth services become increasingly popular.