BetterHelp & GoodRx Are a Good Lesson. The FTC Health Privacy Rule Will Come for You If You’re “Deceiving” Patients.

Health data privacy has a new enforcer in town. This year has been a year of federal crackdowns in the healthcare industry as digital health companies have faced the hammer of the Federal Trade Commission for allegedly sharing customers’ health data for advertising purposes. Last month, the FTC put GoodRx in its scopes for “failing to report its unauthorized disclosure” of personal health information with Big Tech giants Google and Facebook, landing on a $1.5 million civil penalty for the company. GoodRx is now prohibited from “sharing user health data” for advertising purposes, the first time the FTC and the Department of Justice have proposed an order like this, and one of few times the FTC’s health privacy rule, the Health Breach Notification Rule to be more precise, has been enforced in almost 15 years.

Though GoodRx admitted to no wrongdoing, the FTC is feeling eager to keep up the heat on supposed rule-breakers. At the beginning of March, the FTC announced another proposed order that would prohibit the online therapy company, BetterHelp, from “sharing consumers’ personal information with certain third parties for re-targeting.” This was after the FTC determined the company was “deceiving consumers after promising to keep sensitive personal data private.” In an even more unprecedented move, a first of its kind, the FTC is demanding BetterHelp pay its customers back to the tune of $7.8 million. The mental health company acknowledged that it had reached a settlement regarding alleged practices and denied any wrongdoing as well.

There has been quite an increase in data privacy lawsuits in the healthcare and technology sectors in recent years. So, what does the renewed enforcement of the FTC Health Breach Notification Rule mean for digital health companies that rely on consumer information for sustaining their business model?

Melanie’s Thoughts

How can companies maneuver the FTC’s new standards of enforcement while also doing their due diligence to protect customers’ health data? Melanie Musson, healthcare and insurance writer with Clearsurance, shares her thoughts on how companies can move forward to reduce the risk of being in the line of fire of the FTC.

“The public has an idea of what HIPAA is, and for the most part, they think it’s just this broad brushed medical privacy thing. And so, they think anybody that they tell medical information to is going to keep it a secret because everybody is held legally to HIPPA.

So that’s kind of where this deception has come in, where the FTC has cracked down on companies for sharing information because the consumers believe that all their medical information is a secret, so they just give it. And so even though these companies may technically be complying with HIPAA, when they say that they’re HIPAA compliant, what that means to the consumer is that they won’t share information, but that’s not actually what it means to the company. So going forward, I think companies need to pay careful attention to what the FTC is doing.

They’re making an example of the people that are sharing information, kind of misleading the public. And so, I think that the main thing is not to mislead. If you’re going to share information that you can legally share, make sure that your customers understand that and agree to that. So don’t try to pretend like you’re not sharing any information and then share it.” 

Herman’s Thoughts

How can businesses that rely on consumer information as an essential revenue stream continue without running afoul of the FTC? Herman DeBoard III, CEO & co-founder of Huvr Inc. and a former program manager for the state immunizations department for the Center of Disease Control, offer his advice to those digital health companies looking to keep on the right side of the FTC.

“If you look at that rule, it refers to vendors of personal health records, and it requires them to notify consumers following a breach involving unsecured information. There appears to be no breach here. This looks like a case where one company was sharing user information with third parties so they could provide more targeted advertising to those people.

To me, this all goes back to HIPAA. Basically, if you’re a company that collects personal health data, like what prescriptions people are taking, you can’t say that you’re not going to share personal information and then turn around and sell it. So, my advice is, if you are collecting personal health data and plan to share or sell that data, first, get your attorney to add these scenarios to your terms of service and your privacy policy.

Second, in your app, give the users a chance to say, “Do not sell my information,” and make sure your code is honoring that. And if you’re still worried that there’s a legal issue, as long as you de-identify the records, removing information like patient names, locations, and phone numbers, you can give or sell the data to partners for research as much as you want to.

You just have to follow the letter of the law. My company is currently in 50 countries, and the privacy rules around the world are very different in each one. We live in a world where no one has any privacy whatsoever, yet privacy’s a very hot topic politically. So my advice to business owners is to make sure that you take the time to understand the privacy laws in the countries where you operate.

Communicate to your users exactly how you intend to use their information, and always give them the opportunity to opt out.”

Follow us on social media for the latest updates in B2B!

Image

Latest

blue collar
Building Efficient and Engaged Blue-Collar Workforces Begins with Leadership Rooted in Personal Development
November 20, 2024

According to a study by Deloitte and The Manufacturing Institute, over 2.1 million manufacturing jobs could remain unfilled by 2030 due to a lack of skilled talent. This workforce shortage reveals a critical gap in leadership within blue-collar industries. Without strong leadership to develop teams and foster growth, businesses face inefficiencies, low morale, and…

Read More
Paying it Forward: Empowering Career Migration Journeys | Sinead Carbery and Gillian Williams | EP05
Paying it Forward: Empowering Career Migration Journeys
November 20, 2024

On the latest episode of Care Anywhere: The Global Health Workforce Podcast, host Lea Sims sits down with Sinead Carberry, President of International Staffing Solutions, and Gillian Williams, MSN, BS, RN, Senior Director of Clinical Operations, both from AMN Healthcare. The episode delves into the complexities of global career mobility for healthcare professionals, with…

Read More
Healthcare access
Improving Healthcare Access Through Nontraditional Benefits and Discount Plans
November 19, 2024

Healthcare costs are rising steadily, while insurance benefits struggle to offer sufficient coverage, driving demand for practical solutions like nontraditional benefits and discount plans. As premiums rise and coverage limits remain stagnant, many individuals and employers seek alternative ways to manage costs and improve healthcare access. With chronic conditions on the rise, the stakes…

Read More
CSR with Kelem Butts
Leading the Change in Corporate Social Responsibility with Kelem Butts: Tackling Health & Educational Challenges in a Disrupted World
November 19, 2024

In an era where corporate social responsibility (CSR) strategies are rapidly evolving, adapting to new challenges is paramount. As digital transformation accelerates societal shifts, organizations like United Way of Metropolitan Dallas are at the forefront of addressing critical issues, from education to economic mobility. This episode of DisruptED dives into the dynamic world of…

Read More