In the hierarchy of confidential information, health information ranks high. Within the hierarchy of health information, details about a person’s mental health are perhaps the most confidential. But online consulting service BetterHelp doesn’t think so, according to the Federal Trade Commission. The FTC said the company repeatedly urged people to participate in surveys and hand over sensitive health information through unavoidable prompts. It also promised to keep the information confidential with the following statement: “Please be assured – any information provided in this questionnaire will remain confidential between you and your advisor.” But from the FTC’s perspective, the true statement should be “Rest assured – we plan to share your message with major advertising platforms like Facebook, Snapchat, Criteo and Pinterest.” The FTC’s proposed settlement with BetterHelp includes $7.8 million in partial refunds to BetterHelp customers and sends a clear message , the FTC takes this betrayal of trust very seriously.
BetterHelp offers online counseling services under this name as well as specialized versions for specific audiences, such as Pride Counseling for members of the LGBTQ community, Faith Counseling for those of the Christian faith, Terappeuta for Spanish-speaking clients, and Youth Counseling for teens. Registered with parent permission.
Since BetterHelp was founded, more than 2 million people have signed up to entrust the company with their personal information, much of it related to their health and mental health. For example, the company’s questionnaire asked people to reveal whether they were “experiencing overwhelming sadness, grief, or depression” and whether they had thoughts “that they would be better off dead or injured.” [themselves] In some way,” if they’re taking medication and if they’ve been treated before.
To alleviate concerns about personal information being leaked online or through apps, BetterHelp makes various confidentiality promises to consumers. Visitors to the site are told at the outset that the company collects “general and anonymous background information about you and the issues you wish to address in online therapy” so that the person can be matched with the “most appropriate therapist.” While the exact wording has changed over time, the company has assured people that their private information will remain private except for some narrow uses related to providing online counseling services. Additionally, for more than three years, BetterHelp has told people considering joining Loyalty Counseling, Pride Counseling, or Teen Counseling that their email addresses would be “strictly confidential” and “never shared, sold, or disclosed to anyone.”
Despite these promises, the FTC said BetterHelp used multiple tactics to share the health information of more than 7 million consumers with platforms such as Facebook, Snapchat, Criteo and Pinterest for advertising purposes. You’ll need to read the complaint for details, but these are just a few examples. In 2017, BetterHelp allegedly uploaded the email addresses of all current and former customers to Facebook (nearly 2 million in total) and targeted them with ads referring their Facebook friends to BetterHelp for mental health services. In another period, BetterHelp disclosed to Facebook for advertising purposes the treatment of 1.5 million people who visited or used BetterHelp’s website, the FTC said.Source of this information: Their responses to the intake question “Have you ever had counseling or therapy before?”
But that’s not all. According to the complaint, BetterHelp violated its privacy commitment by disclosing the IP and email addresses of approximately 5.6 million former visitors to Snapchat in order to serve BetterHelp ads to them. Additionally, over a six-month period, the company disclosed to Criteo the email addresses of more than 70,000 visitors, including people who investigated Pride Consulting and Loyalty Consulting. Likewise, over the course of a year, BetterHelp disclosed visitor email addresses to Pinterest. What is BetterHelp about? “Using this health information for advertising,” the complaint states. [BetterHelp] Bringing in hundreds of thousands of new users, generating millions of dollars in additional revenue. “
In February 2020, people complained to the company when a news website revealed that BetterHelp was sharing consumers’ health data with third parties. As one person said, “I did not consent to my messages being shared with anyone. Especially ads that targeted my mental health ‘vulnerabilities’. ”BetterHelp’s reaction? The FTC said the company doubled down on its deception by falsely denying that it had shared consumers’ personal information, including their health information, with third parties.
The eight-count complaint details how the FTC says BetterHelp’s allegedly deceptive and unfair practices harmed consumers. The proposed order in the case would require BetterHelp to pay $7.8 million to provide partial refunds to people who signed up and paid for BetterHelp services between August 1, 2017, and December 31, 2020. In addition, the proposed order prohibits BetterHelp from sharing consumers’ health data for advertising or sharing their personal information for retargeting (advertising to consumers who have visited the company’s website or used its app). The settlement agreement also includes provisions limiting BetterHelp’s future sharing of data. The company must contact affected consumers directly about the case and must instruct third parties to delete consumers’ health and other personal data that BetterHelp shared with them. You will have 30 days after the proposed settlement is published in the Federal Register to submit public comments.
The case provides a key point of guidance for other companies: deliver on your privacy promises. Tell the truth and obtain explicit consent from consumers before sharing any health information.
Here are other points to consider.
Simply due to the nature of the product or service, “personal information” may be “health information.” Generally speaking, email addresses may not be considered “health information”—unless, of course, the source of the information is a health-related service. In the case of BetterHelp, most people visit the site to seek mental health help. Therefore, the mere fact that BetterHelp, Pride Counseling or Faithful Counseling is the source of their email or IP address discloses highly sensitive information to third parties. The message to others in the industry: context matters.
Develop policies, practices, and procedures to protect health information. As the FTC complaint makes clear, a lack of appropriate safeguards can result in unfair and deceptive practices related to the collection, use and disclosure of health information. For example, the complaint alleges that BetterHelp failed to develop written policies and procedures to protect the privacy of health information. And it failed to properly train and supervise employees who handled this health information. It also failed to obtain explicit consent from consumers before disclosing consumers’ health information to third parties, and failed to contractually restrict those third parties from using the data for their own purposes.
Ditch the deceptive design. As discussed in detail in the complaint, while BetterHelp guides consumers through a series of prominent prompts to hand over personal information, the company places privacy “disclosures” behind links that are hard to find and hard to read. Even the section of the website with a link to the privacy policy includes this assurance: “We will never sell or rent any information you share with us.” Once BetterHelp makes this promise, consumers have the possibility of pursuing the issue further. How big is it? What’s more, the FTC said that even if people were able to browse the company’s privacy policy, they still wouldn’t be able to directly understand how BetterHelp transfers highly personalized information to advertising platforms.
“Propagating the hash” does not necessarily protect consumers’ personal data. Although BetterHelp hashes people’s email addresses before sharing them with third parties (in other words, converts them into a series of letters and numbers through an encryption tool), the hashing is done only to hide the addresses in order to Prevent security breaches from occurring. The FTC said BetterHelp knew that third parties such as Facebook would effectively unhash, thereby revealing the email addresses of people who had visited BetterHelp’s website seeking mental health services. Once Facebook has those addresses, it can easily match them with the emails of people who have Facebook accounts. What can other companies learn from this example? Of course, hashing may be necessary in some cases, but if a third party can unhash the data, the privacy of consumer information cannot be protected.
Monitor the flow of data to all third parties that your website or application may transmit via web beacons, pixels or other tracking technologies. It is illegal to make privacy promises to consumers without taking into account any information passed to third parties through various forms of advertising technology. It boils down to this: Don’t make privacy promises that your practices can’t deliver on.
A picture is worth a thousand words when it comes to communicating a proposition to consumers. Almost all BetterHelp pages display multiple seals from third parties. Among them is a description of the medical wand and the term “HIPAA.” The complaint alleges that BetterHelp used the visual to send a false signal to consumers that a government agency or other third party had reviewed the company’s practices and determined that it complied with HIPAA requirements. Have you checked your website recently for graphics that might be sending similar deceptive messages?
We are unable to provide specific information about the refund process until the settlement proposed by the FTC and BetterHelp is finalized. Bookmark the FTC Refunds page and stay tuned for more information.
3 Comments
Pingback: FTC says online counseling service BetterHelp pushed people to hand over health information and violated its privacy pledge – Tech Empire Solutions
Pingback: FTC says online counseling service BetterHelp pushed people to hand over health information and violated its privacy pledge – Mary Ashley
Pingback: FTC says online counseling service BetterHelp pushed people to hand over health information and violated its privacy pledge – Paxton Willson