Updated News Around the World

Telehealth Apps Sharing Consumer Data Draw FTC Crackdown

The Federal Trade Commission is cracking down on the data-sharing practices of telehealth companies, focusing on widespread uses of data that many companies in the industry have failed to disclose to users.

The FTC earlier this month reached a proposed settlement with BetterHelp, a subsidiary of

Teladoc Health Inc.,

TDOC -2.11%

over allegations that the therapy-focused telemedicine company promised to keep users’ health data private but shared it with advertising partners. 

Many telehealth apps have similar data-sharing practices and are likely to face scrutiny as the agency continues to focus on health data, privacy specialists said.

“We’re very concerned by how easy it is for consumers to hand over their most sensitive information,” said Miles Plant, senior privacy and data security attorney at the FTC. 

Mr. Plant said it is important to the FTC to make sure “these companies are honest and transparent about what they’re collecting, what they’re using it for and who they’re disclosing it to.”

BetterHelp settled the charges and didn’t admit wrongdoing. On its website, BetterHelp described its practices as industry-standard and said the FTC was working to “set new precedents around consumer marketing.” 

The FTC’s proposed order, which is expected to be made final by the commission, would require BetterHelp to pay $7.8 million and bar the company from sharing consumers’ health data for advertising. 

Millions of consumers turned to telehealth providers at the onset of pandemic-induced lockdowns, prompting federal authorities to loosen certain restrictions on virtual healthcare, paving the way for tremendous growth. 

Consumers continue to turn to apps for medicine, therapy and other issues. About 80% of respondents to a digital-health survey of U.S. consumers in 2022 said they used telemedicine services, up from 72% in 2021, according to Rock Health, a research and investment firm.

Telehealth revenue is expected to grow 4.6% to $30.4 billion in 2023, according to estimates from the market-research firm IBISWorld.

Nicholson Price,

a professor at the University of Michigan Law School, said many consumers erroneously expect that the Health Insurance Portability and Accountability Act, or HIPAA, safeguards their health data in all contexts.

“HIPAA really doesn’t reach apps or places where patients share their own information,” he said. “So that’s generally not preventing companies or app developers from sharing or selling or licensing this sort of data.”

Such practices are drawing the attention of lawmakers. Last month four senators—

Amy Klobuchar

(D., Minn.),

Susan Collins

(R., Maine),

Maria Cantwell

(D., Wash.) and

Cynthia Lummis

(R., Wyo.)—requested more information from three telehealth companies about their privacy practices.

The FTC has pursued privacy-related settlements with other companies. Earlier this year the prescription-drug discount provider

GoodRx Holdings Inc.

agreed to pay a $1.5 million civil penalty to resolve FTC allegations that it unlawfully disclosed consumers’ personal health information to advertisers. 

GoodRx didn’t admit wrongdoing and proactively addressed the issues before the FTC inquiry began, a company spokeswoman said.

Last year the FTC alleged that Kochava Inc. sold geolocation data that could reveal users’ visits to abortion clinics, addiction-recovery facilities and other sensitive locations. 

Kochava sued the FTC and argued in court that the agency’s allegations “are based on vague, ill-informed references to our business practices and hypotheticals that don’t violate any law,”

Charles Manning,

founder and chief executive of Kochava, said. Kochava complies with all privacy laws, he said. 

The FTC sued Kochava. Both suits are pending.

In 2021, the FTC settled with the menstruation-tracking app Flo Health Inc. over allegations that it improperly shared personal data with Facebook and others. Flo Health didn’t admit wrongdoing in its settlement and has since completed an external, independent privacy audit, a company spokeswoman said. 

The Wall Street Journal reported in 2019 that Flo Health’s data was used to target online ads, despite Flo Health’s promises that the information would be kept private.

Studies have shown that apps providing mental-health services often share users’ data with third parties—sometimes in an anonymized form and sometimes along with personal, identifiable information such as an email address. 

Of 32 mental-health-app privacy policies that the Mozilla Foundation studied for its “Privacy Not Included” report published last year, 25 either acknowledged that they shared user data with third parties for advertising purposes or didn’t say whether they did.

“This puts companies on notice, especially companies that are dealing with really sensitive data, that the FTC is going to be on the lookout,” said

Sara Collins,

senior policy counsel at the consumer-advocacy nonprofit Public Knowledge.

In BetterHelp’s case, the commission alleged that the app revealed consumer data from 2017 to 2020 to third-party ad networks such as Facebook, Snapchat, Pinterest and Criteo—effectively telling them which of their users were seeking or receiving therapy—despite promising to keep such data private.

BetterHelp didn’t indicate in its privacy policy whether it would share user data for advertising purposes, according to the FTC complaint. The app made users promises such as “Rest assured—any information provided in this questionnaire will stay private between you and your counselor,” according to the FTC complaint.

Michael Ulrich,

a professor at Boston University’s School of Public Health who has studied privacy in telehealth apps, said, “It’s common for companies to use language like that to try to give the consumer the idea that they are more protected than they actually are.”

Under the proposed order, the $7.8 million must be used to partially refund consumers who signed up for and paid for BetterHelp’s services between August 2017 and December 2020. The proposed order is the commission’s first-ever action that returns funds to consumers whose health data was compromised, according to the agency’s press release.

The FTC has traditionally been able to get money back to consumers who purchased products based on a deceptive material representation, said

Daniel Kaufman,

a partner at the law firm Baker & Hostetler LLP and former deputy director of the FTC’s bureau of consumer protection.

Refunding money in a data-privacy case—and determining the proper amount to give—is more difficult, Mr. Kaufman said.

“The fact that the agency is seeking money in a case like this is a strong signal that the FTC will continue to focus on health-privacy issues and will be broadly interpreting its authority,” he said.

—Rolfe Winkler contributed to this article.

Write to Patience Haggin at [email protected]

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.