Digital Health

Health Breach Notification Tracking

It's been 1005 days and still no health breach notifications from 22 companies blatantly violating people's health privacy rights.

Jonathan JK Stoltman, PhD

Apr 30, 2024 — 4 min read

We're trying a new way to shine a light on privacy issues related to online addiction treatment and recovery support. We're now conducting monthly tracking of whether the companies are fulfilling their legal requirement to disclose their health breaches to HHS OCR, the FTC, the affected individuals, and the media.

As shown in the FTC cases against Cerebral and Monument:

Yes, using privacy-violating tools (e.g., Google Analytics, Meta [Facebook] Pixel) by companies that provide addiction treatment and recovery support is sufficient to trigger a health breach notification.
No, cookie banners and "click here to see privacy practices" do not qualify as informed consent.

We are now outside the 60-day mandatory health breach notifications timeframe for 21/23 companies we study, making this the perfect time to start tracking compliance with this important law.

Let's see how the companies did!

Support Our Work ❤️

Public News Service 🔉(24 April 2024)

'Lazarus drug' may have competition in MI Important reporting about the harmful push to get other opioid overdose formulations more widely available in Michigan. These new formulations/medications (high-dose naloxone and nalmefene) will massively harm affected community members and not reduce overdose deaths. NOTE: Naloxone has been working

Why We Ask for Your Email

Some insight into our principles and how they affect business operations

WZZM ABC News Grand Rapids 📹 (17 April 2024)

People deserve to know how this money will be spent to save lives and make our community safe for everyone.

Bridge Michigan (16 April 2024)

The use of fear to push products that will hurt people instead of helping them is disgusting.