Sensitive health info possibly disclosed to ad networks
On February 2, 2023, four members of the United States Senate sent a letter to Monument Inc. (also known as Monument Telehealth Group) where they “express our concern regarding reports that Monument is tracking and sharing sensitive and personally identifiable health data with third-party social media and online search platforms such as Google and Facebook that monetize this data to target advertisements,” using what is known as the Meta Pixel tracking cookie.
The Senators expressed concern that more than 30,000 patients used Monument’s website as of 2021.
Monument is a virtual substance abuse treatment center based in New York but operates nationwide through the website joinmonument.com. Monument provides referral services for online alcohol and treatment program services.
It claims to be “The gold standard in alcohol treatment. …designed to get you meaningful results even if you’re short on time and don’t have the budget for expensive treatment programs or alcohol rehab. … [with] plans [that] work around your schedule, and are price competitive with or without insurance.”
Monument offers online alcohol therapy, medication to stop drinking, a 24/7 anonymous forum, and online alcohol support groups.
On Monument’s website, patients are asked to answer a series of questions about their alcohol use and mental health. Although Monument’s website also claims that “any information you enter with Monument is 100% confidential, secure, and HIPAA compliant,” this information is reportedly sent to advertising platforms, along with the information required to identify users.
Such data is highly personal and can be used to target advertisements for services that may be unnecessary or that, according to the U.S. Senate, may be “potentially harmful physically, psychologically, or emotionally.”
The Senate request for information comes shortly after the FTC obtained a $1.5 million penalty and an agreement against GoodRx barring the company from sharing users’ sensitive health data with third-party advertisers.
If you have used Monument’s services over the last two years, your personal information may have been sold to third-party advertisers such as Facebook and Google without your informed consent.
Your legal rights under California law
California’s privacy laws specifically protect your personal information. These laws include:
- The California Invasion of Privacy Act (CIPA) makes it unlawful for businesses to engage in electronic “wiretapping” without consent or help other entities, like Facebook, intercept electronic communications without consumer consent. The CIPA may entitle consumers to $5,000 or three times their damages, whichever is greater.
- The Confidential Medical Information Act (CMIA) protects confidential health-related information. The CMIA prohibits a health care provider, health care service plan, or contractor from disclosing patient information without authorization. The CMIA may entitle consumers to $1,000 without proof of any monetary damages.
It is unclear at this time whether the information provided to companies due to these tracking pixels violated that law. An investigation into exactly what information was provided to third parties is ongoing.
Depending on the nature of the disclosures, you may be entitled to $1,000 or more, or your actual damages, whichever is greater, depending on which California laws this conduct may have violated.
Participants can recover damages, injunctive relief (to ensure the business has reasonable security practices to protect consumer data), and anything else necessary to compensate victims and prevent these harms from occurring again.
Experienced class action attorneys can help you exercise your rights, evaluate your options and decide whether you are entitled to compensation. You have no out-of-pocket costs, as we only get paid if we prevail.
This data has significant value, as evidenced by what Monument has done to allow companies like Facebook and Google to access your personal information.
If you have used Monument’s services over the last two years, your personal information may have been sold to third-party advertisers without your informed consent.