Potential users can take certain steps to ensure their data can be more protected when using online therapy apps, according to some experts.
Jenny Kane / AP
hide title
change the subtitles
Jenny Kane / AP
Potential users can take certain steps to ensure their data can be more protected when using online therapy apps, according to some experts.
Jenny Kane / AP
Online therapy has become a booming industry in recent years, but with this growth come questions about how well these types of companies are protecting their patients’ privacy.
Most recently, in June, Sens. Elizabeth Warren, Cory Booker and Ron Wyden asked two leading online therapy companies, BetterHelp and Talkspace, to provide information about how they handle user data and their privacy practices.
Democratic senators said they were concerned that the companies could leave their patients “vulnerable to exploitation by large technology platforms and other online actors.”
BetterHelp markets itself as the world’s largest online therapy service with nearly 2 million users, according to its website. The company operates through thousands of therapists who can communicate with patients via phone, text or video chat.
But a 2020 investigation by Jezebel found that BetterHelp information was being shared with Facebook, including metadata about messages between patients and therapists. Facebook can also see the duration, approximate location and amount of time people spend on BetterHelp, according to Jezebel. (BetterHelp is an NPR funder).
The nonprofit Mozilla Foundation has also raised concerns about the privacy policies of BetterHelp and Talkspace.
Talkspace said NPR has one of the most comprehensive privacy policies in the industry and is collecting information to comply with the senators’ request.
Mary Potter, the company’s chief privacy officer, added that communication between patients and therapists takes place in “a fully secure and encrypted private ‘room.'” We believe our technology fully complements [the Health Insurance Portability and Accountability Act] privacy and security requirements and protocols. For absolute clarity, we do not sell user information to third parties.”
BetterHelp did not respond to requests for comment.
With online mental health services offering a convenient alternative to traditional in-person therapy methods for many, NPR asked digital privacy experts to weigh in on what you should know about protecting your privacy when using these types of platforms.
The privacy tips here may apply to more than just online therapy services, but experts say these steps can also help with privacy related to therapy apps.
It starts with your phone settings
“Go to privacy settings [your] smartphone operating system. Every time you download an app, go to its privacy settings. Enable all options that allow you to limit how apps can track you,” it said Arvind Narayanan, an associate professor of computer science at Princeton University.
Narayanan said to pay attention whenever a screen asks for permission.
“Don’t just tap the default option. When you try to limit tracking, many apps will try to convince you that you’re missing out. These are generally misleading or deceptive claims,” he said. NPR.
Opt out of personalized ads and cross-app tracking
John Davisson, director of litigation and senior counsel at the Electronic Privacy Information Center, said that while steps to protect your privacy depend largely on the specific app, users can choose to opt out of personalized Google ads and turn off tracking between applications.
“This prevents data you enter in one app from being linked or compared to data uploaded to another app,” Davisson told NPR.
If you’re signed in to your Google account, turn the “ad personalization” slider to “OFF” here. According to Google, this recall will work for all your devices where you’re signed in when you’re recognized as signed in.
And when you sign out of your Google Account, you can opt out of personalized ads on the web and in Google search under the options here.
You can opt out of personalized ads on Apple, Android, and Facebook and Twitter devices by following the steps here.
Deactivate your mobile advertising ID
Users can also turn off their mobile advertising ID, which limits the ways companies can collect your data, location, search history and browsing history, according to Davisson.
For iPhone users, go to Settings > Privacy > Tracking to see if there are any apps you’ve previously allowed access to track. Slide the slider to “off” where it says “Allow Apps to Request to Track” so that the button is grayed out.
For Android users, go to Settings > Privacy > Ads > and tap on “delete ad ID”. An older version of Android may provide the option to “Opt out of ad personalization” instead.
Read an app’s “privacy food label” carefully
According to Davisson, reading apps’ “privacy food labels” can give prospective users a clearer sense of the types of data the apps are collecting and how they’re being used.
Apple says these tags are a way to provide a more transparent explanation of how apps handle user data.
You can find Apple’s privacy labels when you scroll down on an app’s page in the App Store where you’ll see an “App Privacy” section.
Google Play implemented a similar tag for Android users that started appearing in some apps in April.
However, these tags don’t always tell the whole story, as Apple and Google say developers self-report this information.
Other measures
Specifically with BetterHelp, the Mozilla Foundation recommends that you do not connect the app to any social media accounts or third-party tools, and that you do not share medical data when connected to any of those accounts. “Click Click the ‘Shred’ button next to any message you’ve sent if you want it to no longer appear in your account,” Mozilla’s privacy guide says.
With Talkspace, Mozilla recommends: “Do not provide an authorization to use or disclose your medical information. If you have already provided it (or if you are unsure), revoke it by sending an email to [email protected]. Otherwise, medical records including psychotherapy notes may be shared for marketing.”
You can also ask Talkspace to limit what is shared with your insurance by emailing [email protected].
Another option for privacy-minded people is to use a virtual private network. VPNs are used to mask the location of your computer and stop an internet service provider from seeing the websites you visit.
But Narayanan said he believes VPNs are more cumbersome and less effective than other methods of protecting your data and privacy online.
Experts say online privacy remains largely outside the individual’s control
“Unfortunately, the lack of strict regulation of apps like BetterHelp and Talkspace has forced people into a very difficult choice between getting mental health support on the one hand and knowing that their privacy will be protected on the other ,” Davison said.
Davisson emphasized that people’s individual digital footprints are too complex to monitor and protect their data in any context.
“There is a significant gap in privacy protection and regulation that allows these types of applications to slip through,” he said.
Federal privacy laws vary by sector, and HIPAA is limited to health plans, healthcare clearinghouses and healthcare providers, according to Davisson.
Federal law requires protecting patients’ personal health information from being exposed without their knowledge or consent, but Davisson said that typically doesn’t apply to mental health apps or other health apps like period trackers.
