The FTC fined BetterHelp $7.8 Million in the latest sign of increased regulatory crackdowns over privacy breaches in health care.

As reported by The Verge (BetterHelp shared customer data while promising it was private, says FTC, written by Mitchell Clark), online counseling company BetterHelp has agreed to pay $7.8 million to settle charges from the Federal Trade Commission that it improperly shared customers’ sensitive data with companies like Facebook and Snapchat, even after promising to keep it private. The proposed order, announced by the FTC on Thursday, would ban the same behavior in the future and require BetterHelp to make some changes to how it handles customer data.

According to the regulator, the sign-up process for the company’s service “promised consumers that it would not use or disclose their personal health data except for limited purposes.” However, the FTC alleges that the company instead “used and revealed consumers’ email addresses, IP addresses, and health questionnaire information to Facebook, Snapchat, Criteo, and Pinterest for advertising purposes.”

The FTC also says that the company gave customer service agents false scripts to try and reassure users that it wasn’t sharing personally identifiable or personal health information after a February 2020 report from Jezebel exposed some of its practices. The commission’s complaint accuses the company of misleading customers by putting a HIPAA seal on its website, despite the fact that “no government agency or other third party reviewed [BetterHelp]’s information practices for compliance with HIPAA, let alone determined that the practices met the requirements of HIPAA.”

The FTC’s originally filed complaint also notes BetterHelp’s use of pixels, an analytics tool that tracks a users’ visits to its website. BetterHelp’s privacy policies stated that it would use web beacons (including pixels) and cookies for limited purposes. These limited purposes did not include the use or disclosure of users’ health information for advertising purposes, or the disclosure of this information for third parties’ own purposes. However, the FTC alleged that BetterHelp’s privacy policy representations misled users and they were used for advertising purposes, including by uploading consumers’ email addresses to third-party advertising platforms through pixels.

Assuming the FTC’s order ends up going through, the $7.8 million would go to customers who signed up for the service between August 1st, 2017, and December 31st, 2020.

Tracking pixels also led to this data breach at another healthcare provider that may have affected up to 3 million patients and a long string of complaints and lawsuits were filed against hospitals and Meta for collecting data on hospital websites. Something tells me this isn’t the last we’ve heard about tracking pixels and healthcare organizations.

So, what do you think about the fact that the FTC fined BetterHelp $7.8 Million? Should all healthcare sites drop the use of tracking pixels? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.