Mental Health Sites Sharing Sensitive Patient Data
Cybersecurity
When we think of wellness, we often think of eating balanced meals and getting enough exercise and sleep to keep our bodies functioning at the highest levels possible. While those three areas are essential to overall health, they do not make up the whole picture of a healthy person. Mental health has thankfully become an area which people are working to prioritize more and more so that their health can be truly well-rounded. This venture into care for one’s mental health looks different from person to person, but for many, therapy is a place where they are able to talk through whatever is on their mind.
As with many industries over the last few years, the world of talk therapy has moved into online space so that individuals can gain access to mental health professionals from the comfort of their own homes. This has proven to be incredibly beneficial for many, however, those who have opted for this route of self-care may be troubled to realize that the companies they trusted with their information failed to protect it.
Cerebral
The online therapy and mental health assessment company, Cerebral, admitted earlier this month that they have been inadvertently sharing sensitive information with companies such as Google, TikTok, and, Facebook and Instagram parent company, Meta, since late 2019 through its use of tracking pixels. Data for over 3.1 million patients was exposed during this time including patient names, phone numbers, email addresses, IP addresses, and information related to treatment as well. Disturbingly, it appears that even the answers that people provided on the initial self-assessments to get placed with their therapists and to receive prescriptions were exposed as well. Cerebral not only has to deal with the incredible hit to their reputation, but they are also being investigated by the Department of Justice, the Drug Enforcement Administration, and this issue is being reviewed to see what HIPAA considerations should be taken into account as well.
BetterHelp
BetterHelp is another therapy platform which connects patients with therapists to address whatever needs they have via virtual means including online, phone calls, and text messages. The Federal Trade Commission (FTC) fined the company for violating its own privacy practices. The company will be required to pay $7.8 million following the discovery that they were pushing users to share their sensitive health information, an action that the company supposedly encourages users not to do in their privacy policy. The FTC states that the company prompted users with unavoidable questionnaires about their personal information and that the company then leveraged the data provided to bring on thousands of new users and generate millions of dollars based solely on the information collected from these surveys.
These companies are meant to help individuals who are trying to improve their mental health, and yet they do not act as good stewards of the data they collect. Major changes needs to happen in the online mental health space in order for people to be able to comfortably and securely continue using such services.
