The FTC also says that the company gave customer service agents false scripts to try and reassure users that it wasn’t sharing personally identifiable or personal health information after a February 2020 report from Jezebel exposed some of its practices. The commission’s complaint (PDF) accuses the company of misleading customers by putting a HIPAA seal on its website, despite the fact that “no government agency or other third party reviewed [BetterHelp]’s information practices for compliance with HIPAA, let alone determined that the practices met the requirements of HIPAA.”
If the FTC’s order ends up going through, the $7.8 million would go to customers who signed up for the service between August 1st, 2017, and December 31st, 2020. Here are some of the other things BetterHelp would be required to do:
– Stop sharing individually identifiable information about consumer’s mental health with any third parties
– Stop misrepresenting its data collection and use policies
– Alert customers who created accounts before January 1st, 2021, that their personal info may have been used for advertising
– Obtain “affirmative express consent” from a customer before sharing information with a third party
– Reach out to third parties that received customer information and ask that it be deleted
– Establish a “comprehensive privacy program” and have an independent third party carry out privacy assessments
Read more of this story at Slashdot.