Lisa McLaughlin, Co-CEO of WorkIt Health, says her company is “committed to creating a safe environment for our members to receive the most intelligent and effective care.” A representative for Confidant Health also confirms that the company recognizes the importance of privacy in SUD care and will “continue to comply with HIPAA and related laws and follow our internal policies that we have created to protect our members.”
Representatives of other companies included in the study did not deny the use of third parties identified by the researchers, but maintained that this does not threaten the privacy of patients and is consistent with the standards on the Internet and in the medical environment.
Nick Mercadante, founder and CEO of PursueCare, says his company does not collect, store, or forward protected health information on users, and that patients do not receive their care directly on the PursueCare website. He said PursueCare does not share protected health information (PHI) with third parties, although it “uses Facebook Pixel and Google Analytics for internal purposes.”
“It’s true that most web users today can collect data,” says Mercadante. “Health-related websites, including those for health care, hospitals, hospices, and other brick-and-mortar facilities, are no different.”
Pear Therapeutics, which administers reSET-O, says it does not share PHI without patient consent, does not use any digital means to identify users, and describes the data as “aggregated and de-identified.”
Experts remain concerned with the collection of data in the first place, anonymous or not, but they agree that what is happening now is illegal and can continue for that reason. Danielle Tarino, who previously led SAMHSA’s health team and now works on cybersecurity, has spent a lot of time researching the privacy implications of mHealth, particularly for people with substance use disorders. He believes that the best shot at protecting privacy will come from developing and implementing additional tools.
“That’s how small businesses work, and if no one tells you you’re not allowed to do it, you’re allowed to do it,” he says, questioning whether websites using third-party advertisers and software are on the decline. to the economy. Clark, too, expresses concern that the use of data collection is controlled by money and, for a reasonable price, can be sold or leased to the police or other groups. “When there are financial incentives, people change. When there are no financial incentives, it doesn’t happen,” he says. In short, privacy experts do not expect mHealth companies to stop collecting data unless forced to do so.
The opinions of cyber security experts and CEOs of telehealth companies are important, but perhaps even more important are the opinions of drug addicts, the people who stand to lose the most if the experts’ fears come true and for whom Part 2 was created. . When shown the findings, one patient who uses brick-and-mortar clinics said via direct link, “Thanks for reconfirming why I don’t use the phone.” He said he’s not sure the findings will stop anyone from using telehealth if it’s the only way to get treatment. Patients should only trust their caregivers to do what is in their best interest.
One patient who used one of the companies that OPI and LAC reviewed was shocked by what they found. “He should [be required to] have a job that prevents them from following anything like that,” he says.
“How much money is mine?” he asks, he doubts whether the data from his website and other patients using the website was worth more than the few hundred dollars he makes every month as patients. “It’s very dangerous. This is the first time in my life that I haven’t been tested in 10 years. Now, I’m not. To think that someone will actually look… Who knows what will happen?”