Mozilla recently decided to offer the mental health app Modern Health to employees as part of our wellbeing program. With the growing mental health crisis around the world, many companies are adding access to mental health apps to their wellbeing programs too. It can be challenging to find companies capable of meeting high privacy standards, and so we decided it was important we include a review of the mental health app we offer to share what it is like to navigate these privacy concerns.
First, a little about Modern Health. The app offers a full spectrum of mental health services, including 1:1 sessions with care professionals, guided meditations, group sessions, digital programs, well-being assessments and more. Offered through your employer, access to the app is free. One of the features Modern Health offers the over 250 companies that use their service is access to "aggregated and de-identified" data through an "Insights Hub" . How does Modern Health look from a privacy perspective? We're happy to see they've improved their privacy practices since we first reviewed them in 2022.
What could happen if something goes wrong?
First reviewed April 20, 2022. Review updated, April 25, 2023
Good news! Modern Health's privacy practices and policies have improved since we released our review in 2022. Indeed, after our review came out, we had many discussions with Modern Health about ways they could improve their privacy policy and clarify their privacy practices. We were heartened to see these implemented. Now, all users of Modern Health, regardless of what privacy laws they live under, have the right to access and delete their data. Modern Health also explicitly states in their privacy policy that they "do not sell, disclose, and/or share your Personal Information to other businesses or third parties for monetary or valuable consideration." That is certainly something we like to see explicitly stated.
A couple of other improvements we've seen from Modern Health include clarifying in their privacy policy that while they target ads towards employer-customers and brokers based on information gathered from their website, they do not target ads towards Modern Health members or individual consumers. And last year when we reached out to Modern Health at the email listed in their privacy policy for privacy related questions, we never heard back from them. They acknowledged that email was going unmonitored and have since made sure the email addresses listed in their privacy policy for consumers to ask questions are now better monitored.
We do still have some questions about Modern Health and how they say they can gather personal information about you from third parties and combine that with data they already have on you to provide more personalization in their services. This isn't super uncommon these days, but it's still something you should know about. All in all though, Modern Health's privacy policies have improved a since 2022 and that makes us happy.
Read our 2022 review:
Update: Modern Health updated their privacy policy again on September 28, 2022. We've include a note on these updates below. After working with Modern Health for months to improve their privacy policy, they have improved enough to no longer earn our *Privacy Not Included warning label.
Update: Modern Health updated their privacy policy on June 30, 2022. We've included a note on these updates below.
Modern Health's privacy notice raised flags for us because they say they can collect a large amount of personal information and combine or enhance this information with more information they collect on you from third parties for things such as providing more personalized services. Modern Health says they can collect a fair amount of personal information, including name, mailing address, e-mail address, telephone number, date of birth, IP address, location information, social media information, video recordings and photographs, and information about your dependents.
And remember, they might also collect information about you from your employer. Their privacy policy reads, "...we may receive Personal Information about you from our customers (who may be your employer) to enable us to validate your eligibility to use the Service. This information may include your name, work email address, postal code, date of birth, gender, race/ethnicity, employee ID number or code (if applicable), employment start and end dates, department, title, job code (if applicable), office location, performance information, health claims data, or survey information about your work satisfaction and related topics." So far, that's a lot of information gathered on you.
Modern Health did make a clarification in the update they made to their privacy policy on June 30, 2022 regarding how they do interest-based targeted advertising. Their privacy policy reads, "We do not target any advertisements toward individual consumers or members of our platform. We may engage third party service providers who utilize tracking technologies on our corporate website (www.modernhealth.com) to serve advertisements that may be of interest to potential employer-buyers of our Services. Some of these advertisements may be personalized, meaning that the advertisements are intended to be relevant to potential employer-buyers based on what we, or the third party service providers, know about them..." So, they do use personal information for targeted advertising, but they say they don't target "individual consumers or members." All this is still a bit confusing. Hopefully this mean if you use Modern Health as a wellness service, nothing you do on the platform or website will be used to target you with ads anywhere else on the internet.
Finally, Modern Health does say they can share your personal information with a number of third parties, including business affiliates and your employer. It is unclear from their privacy policy who the business affiliates are.
So yes, even the mental health app Mozilla offers employees raises some privacy concerns for us.. And overall, employer-provided access to mental health apps raises a number of privacy concerns employees should consider before using these apps. We recommend reaching out to your company's HR or wellness department to learn what access to data your company has for such apps and what policies they have in place to keep any data collected private, secure, and anonymous.
One final thing, one of the co-founders of Modern Health, who has since left the company, raised her own concerns and offered solutions about the problems she sees with mental health apps broadly and patient safety in this space
Tips to protect yourself
- Choose a strong password! You may use a password control tool like 1Password, KeePass etc
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: N/A
App: Yes
Microphone
Device: N/A
App: Yes
Tracks location
Device: N/A
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
Yes
What data does the company collect?
Personal
Name, mailing address, e-mail address, and telephone and fax number, location. When you create a user account: name, company, date of birth, contact information (phone number, email address), location, preferred password, and primary language.
Body related
Information about your health or medical condition, and your treatment
Social
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known privacy or security incidents discovered in the last 3 years.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Modern Health applies PGP encryption to verify that any data exchanged is encrypted between the sender and receiver
Strong password
Security updates
Manages vulnerabilities
Modern Health has a disclosure policy, security vulnerabilities can be reported to [email protected].
Privacy policy
Dive Deeper
-
Gatekeepers need to tame ‘Wild West’ of mental health and other digital health therapeuticsSTAT
-
The Inside Story of a Scorched-Earth Breakup Between Two Founder FriendsThe Information
-
Insights from user reviews to improve mental health appsSage Journals
-
Modern Health rolls out data tool for employers to better pinpoint workers' mental health needsFierce Healthcare
-
Lyra vs Modern Health vs Ginger: What’s the Best Mental Health Platform for Employees?Fin vs Fin
Comments
Got a comment? Let us hear it.