Telehealth Companies Under Scrutiny For Allegedly Sharing Health Data With Third-Party Advertisers

February 13, 2023 - Senators Amy Klobuchar (D-MN), Susan Collins (R-ME), Maria Cantwell (D-WA), and Cynthia Lummis (R-WY) sent letters to telehealth companies Cerebral, Monument, and WorkIt Health, addressing concerns over the companies’ health data privacy practices.

Telehealth has become a crucial component of healthcare in the United States, but “should not come at the cost of exposing personal and identifiable information to the world’s largest advertising ecosystems,” the letters explained.

Specifically, the Senators took issue with reports that these companies have been tracking their customers’ sensitive health information and sharing it with third-party advertisers such as Meta and Google.

“On your site, patients are asked to answer a series of questions covering conditions such as depression, anxiety, and bipolar disorder. Although your website claims that information entered on these intake forms is confidential and secure, this information is reportedly sent to advertising platforms, along with the information needed to identify users,” the Senators noted in a letter to Cerebral.

“This data is extremely personal, and it can be used to target advertisements for services that may be unnecessary or potentially harmful physically, psychologically, or emotionally.”

The Senators requested that all three companies answer important questions about how they leverage user data. Specifically, the Senators asked the telehealth companies to provide a complete list of questions that users may be asked on their platforms and a list of all third-party platforms that the companies have sent user information to within the last three years.

The four Senators also sought answers on whether the companies planned to protect patients from being identified by the data shared with third parties, and the specific strategies they might be using to do so.

The use of third-party advertising technologies by healthcare organizations was the subject of a recent Federal Trade Commission (FTC) enforcement action against GoodRx, a telemedicine and prescription drug discount provider.

The FTC alleged that GoodRx “violated the FTC Act by sharing sensitive personal health information for years with advertising companies and platforms—contrary to its privacy promises—and failed to report these unauthorized disclosures.”

GoodRx denied any wrongdoing but agreed to pay a $1.5 million penalty to resolve the allegations.

“In fact, almost three years ago, before the FTC reached out to us, we proactively made updates consistent with our commitment to being at the forefront of safeguarding users’ privacy,” GoodRx stated.

“While we had used vendor technologies to advertise in a way that we believe was compliant with all applicable regulations and that remains common practice among many health, consumer and government websites, we are proud that we took action to be an industry leader on privacy practices.”