Sahar*, a 32-year-old journalist, had no choice but to start virtual therapy when the COVID-19 pandemic rendered travel and in-person counselling impossible. Instead, Sahar met their therapist via Google Meet and WhatsApp.
As more Indians seek mental healthcare via apps to bridge physical distances or access affordable services, the question remains: does client confidentiality ensure the digital security of the personal data a client shares with their therapist?
Defining the “therapy app”
Therapy apps conjure up a spectrum of healthcare options. For many Indian clients, they can simply mean services like Zoom, Google Meet, or WhatsApp, through which they speak with their therapists.
However, therapy apps also include specialised tele-counselling services/apps such as BetterHelp, which matches clients worldwide with affiliated therapists. Users can also try AI-powered apps like Wysa, Woebot and Happify which offer basic mental health guidance.
Screenshot of a sample chat on the Wysa app | Photo Credit: Wysa
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
However, apps like Zoom, Google Meet, and WhatsApp are popular, working across devices and offering greater familiarity than independent videoconferencing solutions used by tele-counselling companies.
Data privacy concerns in virtual therapy
For media professional Varsha*, 33, virtual therapy meant saving time, effort, and money, as well as finding a queer therapist she did not already know. Varsha used Google Meet for sessions, and WhatsApp or email to contact her therapist.
“Google Meet doesn’t allow recording of meetings so I’m ok with that - I might have questions if someone suggested Zoom,” she said. (However, several Google Workspace editions allow users to record meetings.)
Clients visiting a private counsellor in person can often pay with cash and even use a false name. With virtual therapy, though, there is a loss of anonymity. To book a virtual therapy session for the first time, a client would have to share their full name, phone number, email ID, and billing information, including an address. The therapist or their organisation is also responsible for securing data such as session notes, recordings, and text communication outside of sessions.
Screenshot of the details clients must provide for a therapy session with Manastha | Photo Credit: Manastha
Researcher Natasha*, 26, who pursued virtual therapy said her information was collected using Google Forms. She used Zoom for sessions, and emailed or texted her therapist outside of sessions. The therapy organisation explained to Natasha how her data would be stored. Sahar and Varsha, meanwhile, were not briefed about their data security.
Ramya Sambamurthy, a private counselling therapist, called confidentiality the “cornerstone of therapy”. In an email, she warned that in case of a breach, the client could face additional mental distress, lose trust in the therapeutic relationship, or even suffer financial consequences because of their digital data becoming public.
“I make sure that identifiable information about my clients is always kept confidential and my digital record of my clients’ names are usually abbreviated in a way that only I can decipher, and any digital record of information on my device is password protected,” Ms. Sambamurthy explained.
“In addition to that, it helps to have a hard copy of your client’s data that you can store safely and not completely rely on digital storage,” she said.
The pandemic and encrypted tools
The COVID-19 pandemic forced both healthcare providers and seekers to quickly get acquainted with tele-counselling services and tools.
“During the pandemic, I did my research on platforms to try to ensure safeguarding my client’s data and read up on the importance of encryption and SSO [single sign-on], especially with video conferencing,” Ms. Sambamurthy said.
She added that the lack of a clear framework for tele-counselling services in India meant that counsellors had to rely on third-party applications to reach clients. She pointed to Signal, Telegram, Google Meet, Zoom, and the open-source Jitsi as being free and fully encrypted.
Yet even when virtual therapy sessions are protected, encrypted, and unrecorded, clients may sometimes hesitate to express themselves fully.
“As a journalist, I am always alert to the possibility of calls being recorded or otherwise intercepted so I often stop myself short of saying things that are sensitive in my work,” said Sahar.
Natasha agreed that she did not always feel secure sharing personal information with her therapist via email or SMS. She also feared her data might be at risk if her therapy organisation- a non-profit that she said was “challenging the status quo of mental health provision and access in India” - questioned the Indian government’s policies in the mental health sector.
Varsha, too, admitted there was a difference between data privacy and client confidentiality. “I haven’t given too much thought to data privacy while using these tools [Google Meet, WhatsApp] actually, and maybe I will now,” she said.
From a counsellor’s perspective, Ms. Sambamurthy felt that it was key to strike a balance so that clients could access therapy without struggling with technology, while also being certain of data protection.
“I’d say there are multiple options, and that making mental health more accessible relies on both convenience and security for both parties,” she said.
Profits before privacy
In March 2023, the U.S. Federal Trade Commission [FTC] ordered BetterHelp to pay $7.8 million to settle charges that it had shared users’ data - including mental health information - with companies like Facebook, Snapchat, Criteo, and Pinterest.
Screenshot of the BetterHelp app on a smartphone | Photo Credit: BetterHelp
The regulator also banned BetterHelp from sharing mental health data with third parties for targeted advertising and criticised it for betraying customers’ personal health information for profits.
India has not yet taken any action against BetterHelp, which is open to users across the world. There are also Indian companies offering similar services. The Hindu reached out to a few of these - Manastha, BetterLYF, and Manochikitsa - to learn how they protected their clients’ data. However, there was no response to requests for comments.
*Names changed for privacy
