The Federal Trade Commission (FTC) recently fined digital mental healthcare provider BetterHelp $7.8 million for sharing the personal health information of millions of consumers with advertisers like Facebook, Snapchat, Criteo and Pinterest. BetterHelp is the second digital health company to be targeted this year by the FTC for its use of consumers’ health information, and experts say the FTC’s recent enforcement actions likely serve as a warning shot to digital health companies.
Digital health companies should act now to re-evaluate how user data is acquired and shared following the FTC’s enforcement actions this year. While the legal concerns are evolving in light of these enforcement actions, digital companies, both healthcare and non-healthcare alike, should implement and/or review their privacy policies and data security plans. A review of these policies and plans crosses various legal disciplines, and the DUGGAN BERTSCH LLC health care and corporate departments are well poised to assist.
We highlight the FTC’s 5 key principles of a sound data security plan:
- Take Stock: What types of personal information are in a company’s files and on its computers?
- Scale Down: Keep only what is needed for business purposes.
- Lock It: Protect the personal information which is stored by your business.
- Pitch It: Properly dispose of what is no longer needed to accomplish your business’ purposes.
- Plan Ahead: Implement a crisis management plan to respond to security incidents.
The FTC provides additional advice and resources for businesses, both large and small, on how to comply with its laws and protect the personal information such businesses store (https://www.ftc.gov/business-guidance). Clients should note that the FTC provides only one set of compliance requirements to which a digital company may be subject. For example, digital health companies must also consider privacy and security concerns under HIPAA. DUGGAN BERTSCH LLC is positioned to guide you and your business through comprehensive and thorough privacy and security compliance efforts.
For more information on DUGGAN BERTSCH LLC’s Health Care Practice, please refer to our informational brochure: