back to article FTC: BetterHelp pushed users to share mental health info then gave it to Facebook

Even if you don't know anyone who has used BetterHelp's services, podcast fans will recognize it from its annoying adverts for its online therapists. American regulators, however, allege the company's relationship with the advertising industry is more perverse than a mere irritating jingle, claiming it betrayed loyalties that …

  1. Eclectic Man Silver badge
    FAIL

    industry standard

    "industry-standard practice... routinely used by some of the largest health providers, health systems, and healthcare brands."

    There was a time when a whole load of things that are now illegal were 'standard practice' for those who could get away with them. That does not make them right, legal or defensible now.

    Reading the article I think that US$7.8 million or thereabouts is a pifflingly small sum to be fined for the breach of trust and misrepresentation. Claiming to be HIPAA certified when you are not, changing the wording concerning the privacy of client data, making the questionnaire mandatory (could not be skipped), and all this to people with mental health issues they were hoping to get help with is appalling.

    It sounds like they are managed, or have been taken over, by a group of people with no conscience.

    1. Anonymous Coward
      Anonymous Coward

      Re: industry standard

      It's almost 1%, what do you mean?

      That whole 7.8 million is going to have to come out of staff salaries - say $5000 from each staff member _including_ the CEO!

      1. parlei

        Re: industry standard

        Not a flat sum: 1-2 months salary (etc)

    2. Woodnag

      So why was Facebook not charged also?

      FB surely has liability as recipient of health data too?

    3. Doctor Syntax Silver badge

      Re: industry standard

      Which is a good reason have set the fine at a level which would have taken down the business and thereby encourage the rest of the industry - whatever that might be - to raise its standards to something acceptable.

  2. cornetman Silver badge
    Facepalm

    > We understand the FTC's desire to set new precedents around consumer marketing, and we are happy to settle this matter with the agency.

    God I hate this type of passive aggressive response from companies caught doing something that any reasonable person would know was unethical.

    Read as "FTC is moving the goalposts and making new rules that couldn't have known about in advance and are taking it on the chin for our customers."

    1. Snake Silver badge

      This exactly, was coming here to point out the same thing. Nothing "new prescient" about this, scumbag, you did something so intentionally rotten that you hid your actions through the sleazebag tactic of rewriting your ToS, using indirect wording, to try to hide your actions.

      And now you're caught, yet trying to play victim.

  3. Throatwarbler Mangrove Silver badge
    Flame

    <Expletive deleted>

    Basically, these chiselling cocksuckers, who are making massive profits, are trying to squeeze every last drop of profit out of the mentally troubled. They also underpay their mental health professionals and/or choose to employ very junior professionals, so customers are getting the lowest-paid and potentially least-qualified mental health providers. On the one hand, I very much favor innovative ways of getting people access to mental health care; on the other hand, surely that's possible while still retaining of modicum of ethics.

    1. Anonymous Coward
      Anonymous Coward

      Re: <Expletive deleted>

      I think people that are so vulnerable are entitled to be dealt with by entities with far more than just a modicum of ethics. Real ethics should be at the forefront of their modus operandi or they should be allowed to go near this business.

      1. Anonymous Coward
        Anonymous Coward

        Re: <Expletive deleted>

        Apologies for leaving out the word "not":

        Real ethics should be at the forefront of their modus operandi or they should NOT be allowed to go near this business.

        I absolutely hate people who prey on the weakness of others.

  4. Rich 2 Silver badge

    What about Facebook?

    The recipients of this data should also be sued. What business does faecesbook have with knowing this stuff? They MUST have known that they shouldn’t have received it.

    The whole lot of them are scum and should be shut down - fining then does absolutely nothing; like most governments around the world, they are just moving money about rather than actually doing something practical

    1. Vometia has insomnia. Again. Silver badge

      Re: What about Facebook?

      Facebook's business is that it has form for manipulating people's mood to increase "engagement" and therefore advertising revenue. Very nasty company that shouldn't be allowed anywhere near this sort of information.

    2. Falmari Silver badge
      Mushroom

      Re: What about Facebook?

      @Rich 2 “The recipients of this data should also be sued.”

      Sued by who? To sue you must know Facebook has collected personal health/medical data on you. The 4 million Facebook users that Facebook matched with their health data may know but what about the 3 million non-Facebook users the ones that Facebook could not match to user IDs.

      I would hope that storing sensitive health data on an individual without their explicit permission is illegal even in the US and Facebook is prosecuted for breaking the law.

      I am sure Facebook would say they have their user’s permission from whatever user agreement was signed. But the data was not shared by the users, it was shared by a company outside of the Facebook platform. If the user is not sharing the data, then they are not giving permission to store it and add it to their profile. The 3 million non-Facebook users have certainly not given Facebook permission.

      As for the fine on BetterHelp $7.8 million way to low. That is only $1 for each infringement (7 million customers health data was shared).

      1. Doctor Syntax Silver badge

        Re: What about Facebook?

        "To sue you must know Facebook has collected personal health/medical data on you."

        The solution to that is legislation that ensures pro-active enforcement and fines so large that such data would be regarded as toxic and companies wouldn't want to touch it let alone pay for it.

        What do I mean by pro-active enforcement? The equivalent of factory or fire inspectors who would have the right to descend on a company and go through it with a fine-tooth comb to see what they were doing. Impossible to legislate? Well, in the early days of the industrial revolution you'd have said the same thing about regulation of working conditions but as the abuses came to light legislation became inevitable irrespective of the influence factory or mine owners might have wielded.

  5. Anonymous Coward
    Anonymous Coward

    There is only one punishment outside massive fines

    Yes, they should have every erg of profit taken away from them as punishment, but that isn't enough.

    The people at the top who orchestrated this should have their right to privacy flat out annulled for a couple of years. They should not be entitled to any protection of their personal details whatsoever to the point of even having details of genital warts and STDs out in the open. Bank accounts, social security numbers - the lot. Let them suffer at the hands of fraudsters and other malcreants who abuse personal details in a manner like they did themselves, and this punishment should be meted out to all who seek to make profit by causing misery for the most vulnerable.

    Enough is enough.

    1. Paul Crawford Silver badge

      Re: There is only one punishment outside massive fines

      Better still, jail time for those in charge. There they can experience all sorts of privacy violations.

      1. Anonymous Coward
        Anonymous Coward

        Re: There is only one punishment outside massive fines

        The problem is that it appears the threat of jailtime seems not to form a deterrent, and that is assuming that their lawyers don't get them off on a technicality as usual or with a fine where they're allowed not to admit to anything.

        Sometimes I feel putting people in stocks for a couple of days so they could be pelted with rotten fruit and raw eggs would be more effective.

        1. Surreal
          Flame

          Re: There is only one punishment outside massive fines

          I think that the real problem is that there IS no threat of jail time. Having to repay a percentage of the fees collected is definitely, provably, not a deterrent.

          Lock some of the bastards At The Top of the company up and watch how quickly other predatory companies change their ways.

          If I could rob banks and the only deterrent was that I *might* have to give 15% back if I was caught, I would not be working 40 hours every week.

          1. Doctor Syntax Silver badge

            Re: There is only one punishment outside massive fines

            "Having to repay a percentage of the fees collected is definitely, provably, not a deterrent."

            It depends on the percentage. Let's start at 400% and increase it if it's still not effective.

  6. Claverhouse
    Pirate

    You've Got Mail !

    I understand that if one looks up any health issue on big Health Sites in America, Google and/or the sites pass along one's interest to relevant purveyors of cures; enabling one to receive information one may be unaware of.

  7. Kevin McMurtrie Silver badge

    Pinching ants one at a time to teach a colony a lesson

    Kaiser Permanente is still embedding kp-app.quantummetric.com and hashcode-kp.siteintercept.qualtrics.com in sensitive pages to collect sensitive data into systems not qualified for that. I get scammer robots calling if I don't use an ad blocker.

    The scale of abuse is so large that I don't think the industry even notices what the FTC is doing.

  8. jollyboyspecial

    Everybody Else Does It

    "claimed in a statement that it merely used "industry-standard practice... routinely used by some of the largest health providers, health systems, and healthcare brands."

    Everybody else does it is not a defence. If anything it's an admission of guilt.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like