A Finnish e-health company has been under scrutiny because their patients’ data was hacked and their users blackmailed by threats of leaking their personal information. Apparently the security measures Vastaamo undertook were insufficient, which is why the company has been under fire.
As an e-health company, at Ameliate we also deal with sensitive information. However, our approach is entirely different. We avoid the pitfalls of potential security threats by not collecting personal information. No names, no addresses, and no social security numbers. Even the diary entry descriptions are optional – after all, the incidences are already known to the users. We encourage our users to use made up user names and if they so desire, non-identifiable email addresses.
The idea for not collecting personally identifiable data stems from our background in researching people. Whenever human participants were concerned, it was important to anonymise the data. Similarly, the personal data on our platform is limited to the bare minimum – how the users login. Secondly, it’s not in our interests to know personally identifiable data from our users. Our company’s business model is not to sell personal data and therefore there’s no reason to collect it.
We take pride in offering as much privacy as possible for our users while still providing a service that helps them in their mental well-being.
[image: Kimmo Brandt/EPA]