BetterHelp & GoodRx Are a Good Lesson. The FTC Health Privacy Rule Will Come for You If You’re “Deceiving” Patients.

Health data privacy has a new enforcer in town. This year has been a year of federal crackdowns in the healthcare industry as digital health companies have faced the hammer of the Federal Trade Commission for allegedly sharing customers’ health data for advertising purposes. Last month, the FTC put GoodRx in its scopes for “failing to report its unauthorized disclosure” of personal health information with Big Tech giants Google and Facebook, landing on a $1.5 million civil penalty for the company. GoodRx is now prohibited from “sharing user health data” for advertising purposes, the first time the FTC and the Department of Justice have proposed an order like this, and one of few times the FTC’s health privacy rule, the Health Breach Notification Rule to be more precise, has been enforced in almost 15 years.

Though GoodRx admitted to no wrongdoing, the FTC is feeling eager to keep up the heat on supposed rule-breakers. At the beginning of March, the FTC announced another proposed order that would prohibit the online therapy company, BetterHelp, from “sharing consumers’ personal information with certain third parties for re-targeting.” This was after the FTC determined the company was “deceiving consumers after promising to keep sensitive personal data private.” In an even more unprecedented move, a first of its kind, the FTC is demanding BetterHelp pay its customers back to the tune of $7.8 million. The mental health company acknowledged that it had reached a settlement regarding alleged practices and denied any wrongdoing as well.

There has been quite an increase in data privacy lawsuits in the healthcare and technology sectors in recent years. So, what does the renewed enforcement of the FTC Health Breach Notification Rule mean for digital health companies that rely on consumer information for sustaining their business model?

Melanie’s Thoughts

How can companies maneuver the FTC’s new standards of enforcement while also doing their due diligence to protect customers’ health data? Melanie Musson, healthcare and insurance writer with Clearsurance, shares her thoughts on how companies can move forward to reduce the risk of being in the line of fire of the FTC.

“The public has an idea of what HIPAA is, and for the most part, they think it’s just this broad brushed medical privacy thing. And so, they think anybody that they tell medical information to is going to keep it a secret because everybody is held legally to HIPPA.

So that’s kind of where this deception has come in, where the FTC has cracked down on companies for sharing information because the consumers believe that all their medical information is a secret, so they just give it. And so even though these companies may technically be complying with HIPAA, when they say that they’re HIPAA compliant, what that means to the consumer is that they won’t share information, but that’s not actually what it means to the company. So going forward, I think companies need to pay careful attention to what the FTC is doing.

They’re making an example of the people that are sharing information, kind of misleading the public. And so, I think that the main thing is not to mislead. If you’re going to share information that you can legally share, make sure that your customers understand that and agree to that. So don’t try to pretend like you’re not sharing any information and then share it.” 

Herman’s Thoughts

How can businesses that rely on consumer information as an essential revenue stream continue without running afoul of the FTC? Herman DeBoard III, CEO & co-founder of Huvr Inc. and a former program manager for the state immunizations department for the Center of Disease Control, offer his advice to those digital health companies looking to keep on the right side of the FTC.

“If you look at that rule, it refers to vendors of personal health records, and it requires them to notify consumers following a breach involving unsecured information. There appears to be no breach here. This looks like a case where one company was sharing user information with third parties so they could provide more targeted advertising to those people.

To me, this all goes back to HIPAA. Basically, if you’re a company that collects personal health data, like what prescriptions people are taking, you can’t say that you’re not going to share personal information and then turn around and sell it. So, my advice is, if you are collecting personal health data and plan to share or sell that data, first, get your attorney to add these scenarios to your terms of service and your privacy policy.

Second, in your app, give the users a chance to say, “Do not sell my information,” and make sure your code is honoring that. And if you’re still worried that there’s a legal issue, as long as you de-identify the records, removing information like patient names, locations, and phone numbers, you can give or sell the data to partners for research as much as you want to.

You just have to follow the letter of the law. My company is currently in 50 countries, and the privacy rules around the world are very different in each one. We live in a world where no one has any privacy whatsoever, yet privacy’s a very hot topic politically. So my advice to business owners is to make sure that you take the time to understand the privacy laws in the countries where you operate.

Communicate to your users exactly how you intend to use their information, and always give them the opportunity to opt out.”

Follow us on social media for the latest updates in B2B!

Image

Latest

Scott Stevens
A Father’s Legacy: Balancing Career and Parenthood in the Tech Industry with Scott Stevens
December 19, 2024

For Scott Stevens, a veteran of the semiconductor and PC industry, it’s not just the innovation and technological revolutions that mark the timeline of his journey. More precious are the personal milestones: the births of his three children, Jenny, Will, and Cole. As a dedicated father, he prioritized carving out time during his bustling…

Read More
Vibration solutions for microscopes
Tailored Vibration Solutions for Microscopes Enhance Accuracy, Stability & Precision
December 19, 2024

Welcome to another engaging episode of “Vibrations,” a TMC podcast hosted by Daniel Litwin, the voice of B2B. This episode dives deep into the intricacies of tailored vibration solutions for microscopes, an essential tool in various scientific and industrial settings. Join us as we explore how these solutions enhance the functionality and precision of…

Read More
Madewell
Madewell’s Data Driven Evolution for Today’s Consumer
December 19, 2024

In the ever-evolving world of retail, success hinges on understanding the modern consumer’s priorities: personalized shopping, timeless quality, and seamless experiences. Madewell, a denim-first brand, has leaned into these trends by redefining its in-store shopping and product strategies. With the rise of digital integration and customer-driven design, the stakes have never been higher for…

Read More
Retail Reimagined: Unpacking the Retail in Box for Small & Medium Retailers
Retail Reimagined: Unpacking the Retail in Box for Small & Medium Retailers
December 19, 2024

India’s retail sector is experiencing a digital revolution, and Intel’s Retail in a Box is leading the charge. In this episode of To the Edge and Beyond, host Michelle Dawn Mooney explores how this innovative solution integrates AI-driven analytics and advanced POS systems to streamline operations for India’s 10-13 million kirana stores and small…

Read More