Senators Ask Mental Health App Companies Concerning Privacy and Data Sharing Practices

Senators Ron Wyden (D-OR), Cory Booker (D-NJ), and Elizabeth Warren (D-MA) wrote to two major mental health app vendors and required replies regarding their practices regarding information collection and disclosure.

There were a number of allegations that the mental health applications offered by Talkspace and BetterHelp are acquiring, mining, and distributing private client data to third parties, including big tech corporations for example Facebook And Google. Throughout the COVID-19 outbreak, the use of mental health programs grew instantly. The apps made available an option to standard face-to-face therapy, with the app builders themselves promoting the apps as a less expensive option to regular treatment.

Though therapists need to follow the Health Insurance Portability and Accountability Act (HIPAA), mental health software fall under a neutral area and is not typically governed by HIPAA, meaning the prohibitions on protected health information (PHI) uses and disclosures required by the HIPAA Privacy Guideline don’t apply to a lot of mental health applications.

End-users of those apps may not know that any detail obtained, kept, or sent via the software may be sent to third parties. Users may wrongly think that HIPAA is applicable to these applications because when similar information was to be gathered by a healthcare company – a HIPAA-covered entity – the data would be categorized as PHI and the HIPAA Guidelines would be applicable. Then again, almost all app creators, such as mental health application makers, aren’t covered by HIPAA and are typically not really business associates. The programmers of those apps must make clear their privacy policies concerning any uses or disclosures of users’ details, still, privacy policies are frequently ambiguous.

Early on this year, Consumer Reports’ Digital Lab researchers explored 7 mental health applications, including the applications offered by Talkspace and BetterHelp. Making use of specially designed Android devices, the researchers followed which third-party organizations acquired data from the software and looked if privacy options were activated or not automatically. The researchers discovered that the applications behaved like numerous other consumer software, and shared unique IDs connected with individual mobile phones which could be utilized by big tech providers to monitor what people do through many varied applications. When joined together with other information, users may be offered targeted advertisements.

An investigation in February 2020 determined that BetterHelp was giving analytics details with Facebook, including how frequently the app was used and metadata from each message, data on how long and where people were using mental health services. Past staff members of Talkspace reported that treatment transcripts were deemed as a data tool to be mined, and individual users’ anonymized communications were regularly reviewed and extracted for information to help the business with research and advertising practices.

The Senators have brought up issues concerning the usage of anonymized information, since that information may be merged with other data to identify persons. The Senators referenced a 2019 research that identified anonymized records that contained only a zip code, birth date, and sexuality would enable someone to be recognized in 81% of instances.

The senators have questioned the two firms the following:

  • the types of information obtained
  • the scope of data that is being provided to third parties
  • the techniques employed to secure clients’ data
  • how prospective clients and existing users are advised concerning the privacy guidelines and the risks connected with information sharing

The businesses have up to July 6, 2022 to give a reply.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.