Fraud Management & Cybercrime , Governance & Risk Management , Healthcare
Senators Grill Telehealth Firms on Data-Sharing PracticesBipartisan Lawmakers Latest to Raise Concerns Over Tracking Code in Healthcare
Scrutiny over the use of online tracking codes in health-related websites intensified Thursday as a group of bipartisan U.S. senators pressured three telehealth companies about their data tracking and sharing practices.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Lawmakers expressed alarm over reports that the telehealth companies collect and share personally identifiable health data with social media platforms for advertising purposes - despite promises to consumers that their data, including mental health and addiction treatment information, remains confidential. The senators are Democrats Amy Klobuchar of Minnesota and Maria Cantwell of Washington and Republicans Susan Collins of Maine and Cynthia Lummis of Wyoming. Cantwell chairs the Senate Commerce Committee, which has jurisdiction over tech industry regulation.
In December, investigative reporting outlets Stat and The Markup said they had found that 49 out of 50 telehealth websites evaluated were sharing consumers' health information with third parties via website tracking tools.
The telehealth firms receiving the letters are California-based Cerebral, which offers mental health services; Monument, a New York-based online alcohol treatment platform; and Workit Health, a Michigan-based substance addiction treatment provider.
"On your site, patients are asked to answer a series of questions about their alcohol use and mental health. Although your website also claims that 'any information you enter with Monument is 100% confidential, secure, and HIPAA compliant,' this information is reportedly sent to advertising platforms, along with the information needed to identify users," the senators write in their letter to Monument CEO Mike Russell.
The senators express similar concerns to Cerebral CEO David Mou and Workit Health CEO Robin Ann McIntosh over data tracking and sharing involving consumer information collected on their online platforms.
The senators' letters come just a week after the Federal Trade Commission on Feb. 1 slapped telehealth and discount prescription drug company GoodRx with a $1.5 million civil penalty for failing to disclose to consumers that it had shared their data with advertisers, including Facebook and Google (see: FTC Hits Firm With $1.5 Million Fine in Health Data-Sharing Case). The company also faces a proposed class action lawsuit.
A backlash against Big Tech's collection of health-related information began in earnest last summer following heightened worries that tech companies could disclose information about women's reproductive health after the Supreme Court's decision revoking a constitutional guarantee of access to abortion. Facebook faces a proposed class action in federal court alleging it violated health privacy law by collecting data from patient websites (see: Judge Denies Motion to Stop Health Data Scraping by Meta).
Workit Health, in a statement to Information Security Media Group, says it appreciated the senators' "attention to the way tracking technologies are used in digital health, as privacy is a core part of our ethos."
A Cerebral spokesperson, in a statement to ISMG, says the company is "committed to working with other responsible parties to establish clear guidelines concerning the evolving technologies that improve the delivery of mental healthcare."
Monument did not immediately respond to ISMG's request for comment.