NSFW? Part 3: Can you trust your mental health provider?
Content
- For sale: your most sensitive info
- Can mental health companies be trusted?
- Safety you can trust
In the modern world, data is king. It can empower people. Give whole governments painstaking insight into how their projects progress, or economy fares. And shape how organizations do business.
When it comes to a person’s health, however, where do we draw the line?
Is it ok for a mental health company to sell users’ most intimate information, for instance? Like someone’s years-long battle with an eating disorder, self-harm, or thoughts about suicide?
What if the organization vowed to never share people’s private data, but did it anyway, in secret? Is that somehow better? Or much worse?
Mental health platforms exist to support, and improve, people’s wellbeing. Or at least that’s the general idea. Yet more and more firms are being caught turning people’s emotional pain into profit.
Don’t worry, we’ll say it: that’s really not ok.
For sale: your most sensitive info
Last year, the Federal Trade Commission (FTC) slapped a popular online therapy provider with a $7.8 million fine, for sharing user data with the likes of Facebook and Snapchat, despite promising not to.
The startup is far from the only offender. In February 2023, the FTC fined another telehealth provider, to the tune of $1.5 million, for a similar breach. And a December 2022 study of 578 mental health apps found that 44% shared data with third parties.
Elsewhere, a damning study from Duke University's Sandford School of Public Policy showed just how in-depth and personal this data can go.
For as little as $275, they found data brokers offering highly sensitive information, “including data on those with depression, attention disorder, insomnia, anxiety, ADHD, and bipolar disorder as well as data on ethnicity, age, gender, zip code, religion, children in the home, marital status, net worth, credit score, date of birth, and single parent status.”
Some brokers even hinted they could supply identifiable data, which is as troubling as it is potentially dangerous.
Can mental health companies be trusted?
It’s a valid question. And, to be frank, there’s no easy answer.
As part of its annual *Privacy Not Included research, the Mozilla Foundation tests the privacy and security of various mental health apps, based on companies’ approach to data, security and AI, plus whether users have control of their own info.
In 2022, 28 of the 32 apps reviewed received a *Privacy Not Included warning label. 25 of these failed to meet Mozilla’s minimum security standards – like the need for a strong password, or fixing vulnerabilities with security updates.
Come 2023, and there were some bright shoots. Almost a third of apps showed signs of improvement – on password security, user control and privacy policy, in particular.
Yet 17 got worse.
Thankfully, change is coming.
Where mental health firms selling user data was once viewed as shady but legal, recent FTC clampdowns show that powers to protect privacy not only exist, but have sharp teeth.
Safety you can trust
Like we said in our last blog, not all wellbeing platforms are the same.
And, given the bad press some mental health apps are getting (quite rightly) right now, it’s vital you find one that will keep your staff’s data and privacy safe.
When talking to any would-be mental health partner, here are a handful of things we’d advise you ask:
- Is data encrypted, securely stored, and protected from unauthorized access?
- Is information only used with clear consent from users themselves? And when it is, is this for targeted measures – like improving the platform, and direct care? Or vague things – like ‘sharing with trusted partners’ (read: other organizations keen to buy it)?
- Are there robust security measures in place – e.g. the need for strong passwords?
- Does the platform demand access to a user’s camera, microphone, images or location settings? If so, why?
- Do users have full control of their own data – e.g. when closing their account, does their data get deleted too?
Want to find out more about workplace wellbeing provider dos and don’ts?
We've created a handy checklist to help you choose a sustainable program fit for a modern workforce.
Thanks for reading part 3 of NSFW?. But don’t stop now. Next up, NSFW? Part 4: Great wellbeing leaders aren't born. They're trained