FTC takes off the gloves: $7.8M fine for Teladoc’s BetterHelp, warns Amazon (and everyone else) on One Medical patient privacy

The Federal Trade Commission (FTC) goes to ‘bare knucks’. BetterHelp, Teladoc’s promising telemental business, settled a complaint brought by the FTC in a 4-0 vote over ad trackers and sharing consumer health data with third parties. The ad trackers shared data with  Facebook, Criteo, Pinterest, and Snapchat for ad retargeting to these customers, knowing their situation. While the $7.8 million fine has to be approved by a Federal judge (as does GoodRx’s), the $7.8 million will be returned to consumers whose data was shared. How this will be done is a question mark to this Editor, but the tracking was done from 2013 (prior to Teladoc’s buy in 2015) to 2021, so quite a few will be eligible. According to the complaint, BetterHelp made false and deceptive statements to users about the disclosure of their information and formally “disseminated, or caused to be disseminated, misleading and deceptive representations regarding its compliance with federal health privacy laws.”

BetterHelp did not disclose to users that it was sharing personal information with third parties and never obtained consent. In fact, they assured users on intake that their information would be private, between them and their therapist. BetterHelp did not offer disclosure of information sharing and an opt-out form until October 2021. The information shared was extensive:

  • Intake questionnaire answers, such as whether the user was experiencing suicidal thoughts, and if they belonged to a group such as LGBTQ, teens, or Christians
  • Prescriptions
  • Prior therapy history if any
  • Email addresses and IP addresses
  • Financial status

The decisions on sharing information were delegated to a junior marketing analyst without training in PHI and protecting privacy from 2017. There was no formal compliance review or employee training in HIPAA practices. BetterHelp also displayed various logos, including HIPAA, to assure users that their information adhered to governmental standards and practices for health, when it clearly did not. (Editor’s note: as a marketer, both are shocking with Teladoc as a parent company well aware of these issues.)

Why this is important: Ad tracking is a form of revenue for companies, which now will be effectively shut off. This presents a decline in revenue hopes for Teladoc, which in January positioned BetterHelp as a bright spot of ‘balanced growth’. Expect that BetterHelp will be only the first of these companies in telemental health counseling to receive a working over from a newly-aggressive FTC–and with a return to in-person visits required for Schedule 2 meds, further depressing the entire category.  Complaint, Healthcare Dive, Mobihealthnews

FTC’s shot across the bow to Amazon and everyone in DTC digital health. With Amazon closing the buy of One Medical, the FTC issued a 1 1/2 page public statement warning both companies that because of privacy representations they have made prior to and after the acquisition, any failure to maintain consumer privacy will be in violation of Section 5 of the FTC Act. FTC will be looking at ‘false net impressions’ and “make clear not only how they will use protected health information as defined by HIPAA but also how the integrated entity will use any One Medical patient data for purposes beyond the provision of health care. ” And in closing, a broader warning:

The Commission has long taken the position that personal health information is sensitive data and has reaffirmed this position through recent enforcement actions. Further, companies that fail to have adequate safeguards or controls in place to protect sensitive data or fail to obtain consumers’ express affirmative consent for marketing based on sensitive data such as health data may be in violation of the law.

The law requires companies to treat sensitive data with great care. Accordingly, the parties and the market more broadly should be on notice that the Commission will continue to monitor this space and bring enforcement actions whenever the facts warrant.

Hat tip to HISTalk 3 March   TTA on FTC issues with Amazon post-closing 23 Feb

Analysis of the CVS-Aetna merger: a new era, a canary in a mine–or both?

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/12/canary-in-the-coal-mine.jpgw595.jpeg” thumb_width=”150″ /]This Editor has been at two healthcare conferences in the last four business days (with tomorrow being a third). They should be abuzz about how the CVS-Aetna merger may transform healthcare delivery. To her surprise, there’s been a surprising lack of talk. There is a certain element of ‘old news’, as the initial reports date back five weeks but the sheer size of it ($240bn combined future value, $69bn purchase, an estimated $750 million in near-term synergies), being the largest health insurance deal in history, and the anticipated effects on the health delivery model normally would be a breaking news topic. To this Editor, it is a sign that no one truly knows what to make of it, and perhaps it’s too big–or threatening–to grasp for provider and payer executives especially.

For an overview of what we saw at the time as reasons why and possible competitor reaction, Readers should look back to our original article [TTA 28 Oct]. It’s being presented by both companies as a vertical merger of two complementary organizations, which already were moving towards this model, integrating their different services into “America’s front door to quality health care” (CVS CEO Larry Merlo)–a lower cost setting that saves premium dollars and brings integrated care to consumers’ doorsteps.

CVS brings to the table huge point of care assets: 9,700 pharmacy locations, 1,100 MinuteClinics, Omnicare’s senior pharmacy solutions, Coram’s infusion services, and the more than 4,000 CVS Health nursing professionals providing in-clinic and home-based care. Aetna has about 23.1 million medical members, 14.5 million dental members, and 15.2 million pharmacy benefit management (PBM) services members. Aetna also has a wealth of advanced data analytics capabilities through two subsidiaries, ActiveHealth Management and  Medicity’s health information exchange technology.

Seeking Alpha has an intriguing POV on this entry into a ‘new era’: that both CVS and Aetna consider this to be a long-term reshaping of their business model under the threat posed by Amazon, and are willing to do this despite little short-term financial benefit for either company. The problem as the writer sees it: execution. This is re-engineering care on a national scale, and its benefits are based upon combining intangibles, a murky area indeed especially in healthcare. Time is also a factor, as Amazon is getting pharmacy licenses in multiple states, and is rather an expert at combining intangibles.

Does it signal that the approach to a ‘new era’ in healthcare is accelerating? If this is a preview, 2018 will be extremely interesting. Our ‘canary in the coal mine’ may tweet–or fall over on its perch, asphyxiated.

Some additional points to consider: (more…)

Melanoma app fined by FTC for deceptive claims (US)

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2015/04/melapp-screens.jpg” thumb_width=”150″ /]Following on Editor Charles’ reporting since February on two ‘melanoma detection’ apps cited by the US Federal Trade Commission as making unsupported claims on diagnosis of assessment of melanoma risks, one of the two, MelApp, has been fined approximately $18,000, deciding 4-1 in a final consent order. MelApp, an iOS and Android app developed by Health Discovery Corporation and retailing for $1.99, claimed without proof that it could assess skin lesion risk (low, medium, high) through a smartphone photo plus questions about the mark. From the FTC release: “The final order settling the action bars the company from claiming that any device detects or diagnoses melanoma or its risk factors, or increases users’ chances of early detection, unless the representation is not misleading and is supported by competent and reliable scientific evidence. It also prohibits Health Discovery Corporation from making any other deceptive claims about a device’s health benefits or efficacy, or about the scientific support for any product or service….” No word on a final consent order against Mole Detective, but we believe it will follow shortly. FTC press release. Previously in TTA: Action on bad apps, Mole Detective still available, and Mole Detective vanishes. Photo courtesy of the 23 February FTC release

All the sillier then that the VentureBeat article on the FTC action takes the tack that “The fine shows how difficult it will be for future mobile entrepreneurs to launch health apps that go beyond basic fitness and heart rate monitoring.” (more…)

Can State medical boards legally prevent telehealth activity?

This is the question that arises out of a recent ruling by the United States Supreme Court, not on anything related to telehealth but on teeth whitening!

The case was between the North Carolina State Board of Dental Examiners and the Federal Trade Commission. The Board had requested non-dentist teeth whitening practitioners to desist from carrying out these activities and was challenged on the grounds that the Board did not have authority to do so and was acting in an anti-competitive way. The challenge went all the way to the Supreme Court which upheld the lower court decision on the grounds that even though the Board is, in fact, an agency of the State its action must still be supervised by the State in order to enjoy anti-trust immunity. This is analysed by Eric M Fraser in the SCOTUS blog.

It is thought that the State Medical Boards in the United States also have similar rules of governance and therefore do not qualify for immunity from anti-trust law that some State agencies have. This has led to speculation that any restrictions imposed by a State Medical Board on a licensed medical practitioner with regard to the use of telehealth could be considered an anti-competitive action. (more…)