In the hierarchy of confidential data, health information ranks right up there. And in the hierarchy of health information, details about a person’s mental health may be among the most confidential. But according to the FTC, that’s not how online counseling service BetterHelp viewed it. The FTC says the company repeatedly pushed people to take an Intake Questionnaire and hand over sensitive health information through unavoidable prompts. And it promised to keep that information private through statements like: “Rest assured – any information provided in this questionnaire will stay private between you and your counselor.” But from the FTC’s perspective, a truthful statement would have been “Rest assured – we plan to share your information with major advertising platforms, including Facebook, Snapchat, Criteo, and Pinterest.” A proposed FTC settlement with BetterHelp includes $7.8 million for partial refunds for BetterHelp customers and conveys an unmistakable message about just how seriously the FTC takes this kind of betrayal of trust.
BetterHelp offers online counseling services through that name and through specialized versions for particular audiences – for example, Pride Counseling for members of the LGBTQ community, Faithful Counseling for people of the Christian faith, Terappeuta for Spanish-speaking clients, and Teen Counseling for teenagers who enroll with parental permission.
Since BetterHelp was founded, more than two million people have signed up, entrusting the company with their personal information, much of it related to the status of their health – and their mental health. For example, the company’s Intake Questionnaire asked people to disclose if they’re “experiencing overwhelming sadness, grief, or depression,” if they’re having thoughts they “would be better off dead or hurting [themselves] in some way,” if they’re taking medication, and if they’ve been in therapy before.
To assuage concerns about revealing personal information online or through an app, BetterHelp made a variety of confidentiality promises to consumers. Visitors to the site were told at the outset that the company collected “general and anonymous background information about you and the issues you’d like to deal with in online therapy” so the person can be matched “with the most suitable therapist.” Although the exact wording changed over time, the company assured people that aside from a few narrow uses related to providing online counseling services, their private information would remain private. In addition, for more than three years, BetterHelp told people thinking about signing up for Faithful Counseling, Pride Counseling, or Teen Counseling that their email addresses would be “kept strictly private” and “never shared, sold or disclosed to anyone.”
Despite those promises, the FTC says BetterHelp used a wide variety of tactics to share the health information of over 7 million consumers with platforms like Facebook, Snapchat, Criteo, and Pinterest for the purpose of advertising. You’ll want to read the complaint for details, but here are just a few examples. In 2017, BetterHelp allegedly uploaded the email addresses of all current and former clients to Facebook – nearly 2 million in total – to target them with ads to refer their Facebook friends to BetterHelp for mental health services. During another period, the FTC says BetterHelp disclosed to Facebook for advertising purposes the previous therapy of 1.5 million people who visited or used BetterHelp’s site. The source of that information: their responses to the intake question “Have you been in counseling or therapy before?”
But that’s not all. According to the complaint, BetterHelp broke its privacy promises by disclosing to Snapchat the IP and email addresses of approximately 5.6 million former visitors to target them with BetterHelp ads. In addition, for a six-month period, the company disclosed to Criteo the email addresses of over 70,000 visitors – including people who had looked into Pride Counseling and Faithful Counseling. Similarly, for a one-year period, BetterHelp disclosed visitors’ email addresses to Pinterest. What was in it for BetterHelp? According to the complaint, “Using this health information for advertising, [BetterHelp] has brought in hundreds of thousands of new Users, resulting in millions of dollars in additional revenue.”
When a news site revealed in February 2020 that BetterHelp was sharing consumers’ health data with third parties, people complained to the company. As one person put it, “I have not given ANY consent to share my information with ANYONE. ESPECIALLY ads targeting my mental health ‘weakness.’” How did BetterHelp respond? The FTC says the company doubled down on deception by falsely denying it had shared consumers’ personal information – including their health information – with third parties.
The eight-count complaint details how the FTC says BetterHelp’s allegedly deceptive and unfair practices harmed consumers. The proposed order in the case will require BetterHelp to pay $7.8 million that will be used to provide partial refunds to people who signed up for and paid for BetterHelp’s services between August 1, 2017, and December 31, 2020. In addition, the proposed order prohibits BetterHelp from sharing consumers’ health data for advertising or sharing their personal information for re-targeting – serving ads to consumers who had visited the company’s site or used its app. The settlement also includes provisions to limit BetterHelp’s data sharing in the future. The company must contact affected consumers directly about the case and must direct third parties to delete consumers’ health and other personal data that BetterHelp shared with them. Once the proposed settlement is published in the Federal Register, you’ll have 30 days to file a public comment.
The case offers a key guidance point for other companies: Honor your privacy promises. Tell the truth and get consumers’ affirmative express consent before sharing any health information.
Here are other takeaways to take into consideration.
“Personal information” may be “health information” simply due to the nature of the product or service. Generally speaking, an email address might not be considered “health information” – unless, of course, the source of the information is a health-related service. In the case of BetterHelp, most people visited the site to seek mental health assistance. Therefore, just the fact that BetterHelp, Pride Counseling, or Faithful Counseling was the source of their email or IP address revealed highly sensitive information to third parties. The message for others in the industry: Context counts.
Institute policies, practices, and procedures to protect health information. As the FTC’s complaint makes clear, a lack of appropriate safeguards can lead to unfair and deceptive practices related to the collection, use, and disclosure of health information. For example, the complaint alleged that BetterHelp failed to have written policies and procedures for protecting the privacy of health information. And it failed to properly train and supervise employees that handled that health information. It also didn’t get consumers’ affirmative express consent before disclosing their health information to third parties and it failed to contractually limit those third parties from using the data for their own purposes.
“Slinging hash” won’t necessarily protect consumers’ personal data. Although BetterHelp hashed people’s email addresses before sharing them with third parties – in other words, converted them into a sequence of letters and numbers through a cryptographic tool – the hashing was done just to hide the addresses in case of a security breach. The FTC says BetterHelp knew that third parties like Facebook would effectively undo the hashing to reveal the email addresses of people who had gone to the BetterHelp site for mental health services. Once Facebook had those addresses, it would easily match them to the email of people with Facebook accounts. What can other companies learn from that example? Certainly there are instances where hashing may be called for, but it won’t protect the privacy of consumers’ information if third parties can un-hash the data.
Monitor data flows to all third parties your site or app may transmit to via web beacons, pixels, or other tracking technologies. It’s illegal to make privacy promises to consumers without taking into account any information that’s going to third parties through various forms of ad tech. It boils down to this: Don’t make privacy promises that your practices don’t live up to.
When it comes to conveying claims to consumers, a picture can be worth a thousand words. Almost all of BetterHelp’s pages displayed multiple seals from third parties. Among them was a depiction of the medical caduceus and the term “HIPAA.” The complaint alleges that BetterHelp’s use of that visual falsely signaled to consumers that a government agency or other third party had reviewed the company’s practices and determined they met HIPAA’s requirements. Have you checked your site recently for graphics that could send similar deceptive messages?
Until the FTC’s proposed settlement with BetterHelp is final, we can’t offer specifics about the refund process. Bookmark the FTC’s refund page and watch for more information.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
- We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
- We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
- We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
- We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.
Better Help is doing it’s best to take over the mental health services for thousands if not millions of people. Because they have paid google to be first in advertising, its difficult for people searching to find anything else.
They certainly do not comply with ethics regarding PHI information and other data about its customers. Please take them off of the market. They are misusing the public.
In reply to Better Help is doing it’s… by Dr. Joanne Vizzini
Wonderful. All this as what, a reward for trusting them with your emotional health issues? That's supposed to be all taken care of when you trust a healthcare professional. What a bunch of clowns.
In reply to Wonderful. All this as what,… by David Keen
I am so glad I read the comments, and I came across you and I wanted to Ty for helping me not to use these people, I would love to find an online psychiatrist that would prescribe what a person needs to have peace of mind
In reply to Better Help is doing it’s… by Dr. Joanne Vizzini
Betterhelp is the Mcdonalds of mental health. It can be useful, but is not healthy in so many ways. Severely underpaid therapists and selling data of clients/patients - this should be enough to take them off the market, but somehow they're still here. Their advertising is everywhere. People don't even realize there are better and more affordable options out there (OpenPath).
Hello ftc.gov admin, Thanks for the educational content!
THIS is EXACTLY why the people in this country are facing astronomical rates of depression and anxiety and suicide! If the company 1) KNOWINGLY LIED in order to put ppl at ease so they would enter their information, 2) KNOWINGLY displayed symbols and/or signs to mislead the consumer 3) took information that EVERYONE knows is illegal and deliberately "protected" it before distribution in a way that it had knowledge would be easily undone and used to benefit their bottom line, along with every other moral and ethical misstep described here, that company SHOULD NOT be 'fined' (and a PARTIAL PAYMENT? I thought this was supposed to be the CONSUMER PROTECTION agency?!) they should be shut down PERIOD.
This is a sad attempt of this agency to try to spin the fact that put a company above the consumer AGAIN. This should've been made much more widely known so that potential customers could make a much better-informed choice about whether or not to spend their money there.
Many complaints were submitted by therapists like myself about BetterHelp mining therapist data from websites, which was then used to falsely inflate their number of providers despite those providers never having signed up or agreeing to use of our data. Therapists have complained that BetterHelp used this tactic to draw in clients. When clients asked for a data-mined therapist who had not signed up to be a provider, BetteHelp referred these clients to their own contracted providers. I’d like to know if these complaints that appear to be an unethical bait and switch tactic were also investigated.
The penalty Better Help is apparently agreeing
to sounds like a bargain. Are they ensuring proper credentials & licensing for their "counselling" services? Are they avoiding state licensing (by jurisdiction jumping) to insulate themselves from malpractice claims? Isn't the penalty a small % of their ill-gotten revenue?
Even if you find them, it will just be another cost of doing business. Find a way to put the people in charge in jail.
They need to be SHUT DOWN. They BETRAYED the most vulnerable people. Most of us need(ed) therapy, in part, specifically BECAUSE OF BETRAYAL OF TRUST. Personally, just reading this has set me back in my recovery. I will never be able to trust therapy ever again. This is just beyond wrong.
In reply to They need to be SHUT DOWN… by Former BetterH…
They have been involved in various privacy breaches as well as questionable psychotherapy practices .
Someone needs to take action. Vulnerable people need protection in such serious matters .
In reply to They need to be SHUT DOWN… by Former BetterH…
Please know most therapists are not like this. I have worked with six different therapists and NONE were like this.
In reply to They need to be SHUT DOWN… by Former BetterH…
I suggest you trust psychotherapy. I do, and it works. These clowns are not the entire profession, just a group of clowns.
Thank you to everyone who commented. This is helpful information to know. I also read an article about how much they spend on advertising. I recommend it.
"A proposed FTC settlement with BetterHelp includes $7.8 million for partial refunds for BetterHelp customers and conveys an unmistakable message about just how seriously the FTC takes this kind of betrayal of trust."
7.8 million concerts that they don't take it very seriously at all. That amount is a line item "cost of doing business" compared to how much these companies profit from this kind of stuff.
However this complaint gets resolved, please require that BetterHelp inform both clients and therapists what happened and how they plan to respond.
"Disrupting" health care only works by cutting corners, substituting loose business ethics for time-honored medical ethics, and turning treatment into an assembly line. This may "scale up" and attract lots of customers. Meanwhile, it erodes the public's trust in doctors and other health care workers. And more important, it hurts patients.
As a psychiatrist, I know there are many ways to help people with emotional pain. Not all are professional services. Providing a professional service like psychotherapy demands careful ethics and high clinical standards. If BetterHelp doesn't want to play by the rules, it shouldn't be in this business.
It's hard and often expensive to find quality health care. But that's not a license to endanger patients, or violate their privacy, in pursuit of the almighty buck.
What about those of us who filled out the questionare then didn't take up the service after seeing the prices? Did we just give away our data and we're not going to see recompense?
BetterHelp has been helpful to me. I trust the individual therapist.
I started receiving text messages from better help and never signed up. Now I have a text with a link telling me to meet my new therapist. Again I've never signed up. This puts a bad name and a bad rep for any therapist using them. I wouldn't trust it. How did they get my number? So maybe they went from selling info to buying it ... who did they buy from?
In reply to I started receiving text… by Kara
This happened just now to me… never signed up. It is making me nervous like identity theft or something.
I recently became a BetterHelp provider not knowing any of this unethical business practice information to try to give back to the community because the compensation is equal to volunteering my time. Someone shared that I should look into the BetterHelp scandal. And, after reading this blog, I really wish I had not associated myself at all with such a terribly unethical company. I give the same professionalism to all of the individuals who entrust themselves to my care whether BetterHelp or Private practice. But I am certainly not planning to continue with BetterHelp after this. I will continue to care for the people with whom I've been connected, but after that I'm out. It seems criminal to treat people - therapists and those seeking assistance - in this way.
In reply to I recently became a… by ATherapist
I also recently became a BetterHelp provider (Dec. 2022) and stopped taking new clients a month ago. I will continue to provide care for the folks still active on my caseload, and will then end my work with association with this company. I am curious about how, or if this settlement can protect anyone from continued sharing of private information. I will say that the clients that were assigned to me likely would not have been in counseling without the flexibility that is provided on the BetterHelp platform.
I just gave Better Help my information but I did it because I thought in the video shown it was an online free therapy. But after I finished their charges were 67.00 which I cannot afford then they said I may qualify for financial aid, my payments would be 48 dollars a week 🤔 but this was I gave them my SSI amount. Yes the should be closed out of business. What a deception preying on people in need. I don't have that money to spare, but I did give them the personal information about the type of therapist I wanted. WOW! What a dirty trick played on the consumers. Close them down, they are no less than hackers that steal information outright. Different is this Company, Better Help do it through deception.
This is everyone's worst fear in taking the first step to reach out for therapy and help. I have various people in my life struggling and unwilling to reach out for help because they don't trust mental health professionals. This makes things so much worse. And I almost recommended this service in good faith to them. Betterhelp should be SHUT DOWN. They overstepped SO MANY boundaries that should never be crossed. The FTC is not taking this issue seriously enough and this equates to a slap on the wrist for something that can hold up to 10 years in prison according to the AMA website ("offenses [of violating HIPAA] committed with the intent to sell, transfer or use individually identifiable health information for commercial advantage, personal gain or malicious harm permit fines of $250,000 and imprisonment up to 10 years.") The consequences for such an egregious violation of users' human rights (to privacy) should be very clearly THE END OF SOMEONE'S BUSINESS.
I should not have to explain why this is so terrible. That's Not My Job, and I'm wondering if anyone is doing theirs at this point.
I signed up for the website during a mental health crisis a few years ago. In exchange for wanting to try their services which I couldn’t afford to in the end, BetterHelp decided to advertise my email to 3rd party websites and now my email is flooded with spam messages every day. This has caused a lot of distress for me as it’s caused me to miss important emails due to the overwhelming number of spam emails I receive daily. I have sent an angry email to their website and have yet to receive any formal apology, besides a useless email simply stating that they have “asked” those websites to take down my email address so I won’t be harrassed by spam anymore.
How do we aggrieved patients get in on the settlement?
All I can say is: you get what you pay for, and Better Help is cheap (for therapy). And now, I hear they've sold my information . . .
The only sentence in this entire thing that matters is “it failed to contractually limit those third parties from using the data for their own purposes.”
Everybody else does everything they are claiming BetterHealth does. Except that.
They are awful. I had one therapy session with them because they're included with our employee benefits, and the therapist seemed bored. I was grieving a recent loss of a long term partner, and the therapist suggested I should just face reality that they were gone. I said that I was hurting and sad and I felt that their remark showed a lack of compassion. They said they were "blunt" and that was just their style. WTH? Awful therapist. I didn't go back for a second session.
Fee is far to low, quoting the article itself " the FTC says BetterHelp used a wide variety of tactics to share the health information of over 7 million consumers". The cost for copyright infringement is $750-$30k. Violating health information sharing should be at least as bad as the bottom end of that. So 750 x 7million infringements should be the starting point of any sort of bargaining better help might get by give concessions.
However there is in no way that number should be lower than 10million immediately and 10% of profit for next 20 years. Not revenue but profit, as have to give some sort of incentive to improve. Oh and anyone in a C-Suite style position can't go to or start any other job related to mental health for those 20 years.