Mental Health Apps Online Therapy Meditation Apps

Modern Health

Wi-Fi

Data recenzji: 5 października 2022

Według Mozilli:

Według użytkowników: Ogromnie przerażające

Mozilla recently decided to offer the mental health app Modern Health to employees as part of our wellbeing program. With the growing mental health crisis around the world, many companies are adding access to mental health apps to their wellbeing programs too. It can be challenging to find companies capable of meeting high privacy standards, and so we decided it was important we include a review of the mental health app we offer to share what it is like to navigate these privacy concerns.

First, a little about Modern Health. The app offers a full spectrum of mental health services, including 1:1 sessions with care professionals, guided meditations, group sessions, digital programs, well-being assessments and more. Offered through your employer, access to the app is free. One of the features Modern Health offers the over 250 companies that use their service is access to "aggregated and de-identified" data through an "Insights Hub". How does Modern Health look from a privacy perspective? Well, even the mental health app Mozilla uses raises a few privacy concerns for us. We hope to see improvements. We will update this post when we do.

Update: Modern Health updated their privacy policy again on September 28, 2022. We've include a note on these updates below. After working with Modern Health for months to improve their privacy policy, they have improved enough to no longer earn our *Privacy Not Included warning label.

Update: Modern Health updated their privacy policy on June 30, 2022. We've included a note on these updates below.

Co się może stać, jeśli coś pójdzie nie tak?

Modern Health's privacy notice raised flags for us because they say they can collect a large amount of personal information and combine or enhance this information with more information they collect on you from third parties for things such as providing more personalized services. Modern Health says they can collect a fair amount of personal information, including name, mailing address, e-mail address, telephone number, date of birth, IP address, location information, social media information, video recordings and photographs, and information about your dependents.

And remember, they might also collect information about you from your employer. Their privacy policy reads, “…we may receive Personal Information about you from our customers (who may be your employer) to enable us to validate your eligibility to use the Service. This information may include your name, work email address, postal code, date of birth, gender, race/ethnicity, employee ID number or code (if applicable), employment start and end dates, department, title, job code (if applicable), office location, performance information, health claims data, or survey information about your work satisfaction and related topics.” So far, that's a lot of information gathered on you.

Modern Health did make a clarification in the update they made to their privacy policy on June 30, 2022 regarding how they do interest-based targeted advertising. Their privacy policy reads, “We do not target any advertisements toward individual consumers or members of our platform. We may engage third party service providers who utilize tracking technologies on our corporate website (www.modernhealth.com) to serve advertisements that may be of interest to potential employer-buyers of our Services. Some of these advertisements may be personalized, meaning that the advertisements are intended to be relevant to potential employer-buyers based on what we, or the third party service providers, know about them…” So, they do use personal information for targeted advertising, but they say they don't target “individual consumers or members.” All this is still a bit confusing. Hopefully this mean if you use Modern Health as a wellness service, nothing you do on the platform or website will be used to target you with ads anywhere else on the internet.

Finally, Modern Health does say they can share your personal information with a number of third parties, including business affiliates and your employer. Their privacy notice describes the "business affiliate" as a related company that actually performs the mental health care services called "Modern Health Affiliated Covered Entity." It has its own privacy notice as Modern Health says it is covered by the Federal Health privacy law, HIPPA.

So yes, even the mental health app Mozilla offers employees raises some privacy concerns for us. And overall, employer-provided access to mental health apps raises a number of privacy concerns employees should consider before using these apps. We recommend reaching out to your company's HR or wellness department to learn what access to data your company has for such apps and what policies they have in place to keep any data collected private, secure, and anonymous.

One final thing, one of the co-founders of Modern Health, who has since left the company, raised her own concerns and offered solutions about the problems she sees with mental health apps broadly and patient safety in this space.

Wskazówki, jak się chronić

Ensure you have a strong password
Do not allow third-party tools access to your medical data
Do not give permission to combine your data with other third-party data, or to use it for research

mobile

Czy może mnie podsłuchiwać?

Aparat

Urządzenie: Nie dotyczy

Aplikacja: Tak

Mikrofon

Urządzenie: Nie dotyczy

Aplikacja: Tak

Śledzi położenie

Urządzenie: Nie dotyczy

Aplikacja: Tak

Czego można użyć do rejestracji?

Jakie dane zbiera ta firma?

Jak ta firma wykorzystuje te dane?

Update: Modern Health updated their policy around May 1, 2022 to say they utilize tracking for advertising on their marketing website and not on their platform. This is a good step forward even if we still have questions about their collection and use of the data for targeted advertising purposes.

Update: Modern Health updated their privacy policy again June 30, 2022. In this update to their privacy policy they clarify that they “do not sell, disclose, and/or share your Personal Information to other businesses or third parties for monetary or valuable consideration.” Modern Health also clarified how they do targeted advertising.

Their privacy policy now reads, “We do not target any advertisements toward individual consumers or members of our platform. We may engage third party service providers who utilize tracking technologies on our corporate website (www.modernhealth.com) to serve advertisements that may be of interest to potential employer-buyers of our Services. Some of these advertisements may be personalized, meaning that the advertisements are intended to be relevant to potential employer-buyers based on what we, or the third party service providers, know about them, such as employment at or agency for a company that might be interested in offering Modern Health as a benefit to its employees.”

Finally, Modern Health clarified in their privacy policy data sharing with employers by saying, “We do not share any Personal Information with employers unless necessary to prevent imminent harm (e.g., crisis management) or as required by law. We only share anonymized and aggregated information with employers.”

“If you are accessing the service through an employer (such as single sign-on), your employer may collect information about your login activity, including whether and when you access Modern Health Services. Modern Health does not control the information collection practices of employers or other benefit providers, and you should consult their internal policies and procedures for more information about their information collection practices.”

Modern Health's privacy policy reads, “…we may receive Personal Information about you from our customers (who may be your employer) to enable us to validate your eligibility to use the Service. This information may include your name, work email address, postal code, date of birth, gender, race/ethnicity, employee ID number or code (if applicable), employment start and end dates, department, title, job code (if applicable), office location, performance information, health claims data, or survey information about your work satisfaction and related topics.”

Modern Health says they do some targeted interest-based advertising, “We do not target any advertisements toward individual consumers or members of our platform. We may engage third party service providers who utilize tracking technologies on our corporate website (www.modernhealth.com) to serve advertisements that may be of interest to potential employer-buyers of our Services. Some of these advertisements may be personalized, meaning that the advertisements are intended to be relevant to potential employer-buyers based on what we, or the third party service providers, know about them, such as employment at or agency for a company that might be interested in offering Modern Health as a benefit to its employees.”

When permitted by law, Modern Health may also enhance or combine information about you, including your Personal Information, with information about you that we obtain from third parties. “We may combine information that is obtained from your use of the Services with information obtained from such third parties in order to provide you with more personalized Services.”

Jak możesz kontrolować swoje dane?

Information that Modern Health collects will be retained in a personally identifiable form for as long as necessary for the purposes described in the Policy, after which it will be deleted or maintained in a non-personally identifiable form. Modern Health may retain information in order to comply with their legal obligations (such as tax, accounting or health privacy purposes).

Update to Modern Health's privacy policy on September 28, 2022

Modern Health updated their privacy policy to say they will respect and honor the data access and deletion requests of any user, regardless of where they live. Their privacy policy now reads:

"You have control over your Personal Information as described in more detail below. For example, you may request access to or deletion of your Personal Information by contacting us. We will honor your request regardless of where you live or are physically located unless a legal requirement prevents us from doing so or a legal exception applies."

We have determined this is sufficient to meet our privacy criteria and they will no longer receive a privacy ding for how users can control their data. This is the type of change we like to see made by companies we reviews.

Update to Modern Health's privacy policy on June 30, 2022.

Modern Health's privacy policy states, “…you may request access to or deletion of your Personal Information by contacting us. We will handle any request in accordance with applicable law. Note that privacy rights may not be absolute. We may refuse or deny a request in accordance with applicable privacy laws.” Unfortunately, this statement is not clear to us that they will grant all users requests for data deletion, regardless of where they live earning them a privacy ding from us.

Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?

Średnia

No known privacy or security incidents discovered in the last 3 years.

Informacje o prywatności dziecka

"Online components of our Services are not directed to children under the age of thirteen (13), and we do not knowingly collect Personal Information via online Services from children under the age of 13. Some Services can be provided to those under thirteen but this is handled outside of our online Services (e.g., by phone) and therefore electronic information for children under the age of 13 is not available. If you think that we have collected Personal Information via an online Service from a child under the age of 13, please contact us. The Service is not intended to be accessed by minors under the age of eighteen (18) except as authorized by their parents or legal guardian, and we do not knowingly collect any Personal Information directly from such minors and children without such authorization. If we discover that an individual under 18 has provided us with Personal Information, we will delete the Personal Information to the extent required by the Children’s Online Privacy Protection Act."

Czy ten produkt może być używany bez połączenia z siecią?

Nie

Przyjazne dla użytkownika informacje o prywatności?

Nie

Odnośniki do informacji o prywatności

Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa?

Tak

Szyfrowanie

Tak

Modern Health applies PGP encryption to verify that any data exchanged is encrypted between the sender and receiver

Silne hasło

Tak

Aktualizacje zabezpieczeń

Tak

Zajmuje się problemami z bezpieczeństwem

Tak

Modern Health has a disclosure policy, security vulnerabilities can be reported to [email protected]

Zasady ochrony prywatności

Tak

Czy produkt wykorzystuje sztuczną inteligencję?

Nie można ustalić

Czy tej sztucznej inteligencji nie można ufać?

Nie można ustalić

Jakie decyzje sztuczna inteligencja podejmuje o Tobie lub za Ciebie?

Czy firma jest przejrzysta w kwestii działania sztucznej inteligencji?

Nie można ustalić

Czy użytkownik ma kontrolę nad funkcjami sztucznej inteligencji?

Nie można ustalić

Dowiedz się więcej

Gatekeepers need to tame ‘Wild West’ of mental health and other digital health therapeutics
STAT
The Inside Story of a Scorched-Earth Breakup Between Two Founder Friends
The Information
Insights from user reviews to improve mental health apps
Sage Journals
Modern Health rolls out data tool for employers to better pinpoint workers' mental health needs
Fierce Healthcare
Lyra vs Modern Health vs Ginger: What’s the Best Mental Health Platform for Employees?
Fin vs Fin