Lawsuits, congressional attention, and recent reports are all focused on the same unifying topic.
This probably comes as no surprise to read, but during the last couple of years, digital health has been “in.” The COVID-19 pandemic initiated an explosion in the use of technology in the healthcare industry, particularly in the use of the Internet.
But as the saying goes, every rose has its thorn. And recently, when it comes to digital health, the thorn seems to be data security breaches. Both top telehealth companies and several healthcare systems have been hit with claims that they are sharing and/or selling patient data to advertisers or other third parties without consumers’ permission, or even knowledge.
The various consequences are likely to influence how Congress, the healthcare industry, and the public envision the role of digital health in the future.
In early February, the Federal Trade Commission (FTC) hit popular digital health platform GoodRx with a $1.5 million civil penalty for sharing user health data with third parties for advertising purposes. The FTC stated that GoodRX shared information such as users’ prescription medications and health conditions with companies like Facebook and Google, which in turn used that information to advertise related businesses, services, and products on the users’ accounts. The FTC called on a never-before-used rule called the Health Breach Notification Rule that was expanded in 2021 to address the unauthorized sharing of data; digital health apps are included in its purview.
Similarly, a bipartisan group of senators sent inquiries this month to three telehealth companies after a recent report indicated that those companies were tracking and sharing private patient data. The lawmakers were extremely concerned following the report, which was released by The Markup and STAT. The report showed how often telehealth companies were engaging in these practices.
Of the 50 companies looked at, 35 sent personal information with third-party advertisers, 13 shared users’ questionnaire answers, and 11 shared what items users had put into their digital shopping carts. The letters from the senators requested more information on the companies’ data-sharing practices, including a complete list of questions users are asked on the platform, all recipients of tracked user information for the last three years, and information on how the companies plan to protect user data in the future.
Not even hospitals are immune from scrutiny, as just this month, two large hospital networks and Cedars-Sinai Medical Center in Los Angeles were hit with lawsuits over their data collection and sharing practices. Cedars-Sinai is being sued by a patient, and his lawsuit alleges that he was targeted with extremely specific advertisements and marketing schemes about his chronic illness following treatment at the hospital.
Cedars-Sinai allegedly uses a website code that led to the hospital’s website gathering, analyzing, and sharing medical data. Two Louisiana health systems have just been hit with similar accusations, with class-action lawsuits being filed following patients seeing similar incidents.
These are only the latest among several more lawsuits around the country, with another Markup/STAT study finding that dozens of the nation’s top hospitals used similar code on their websites.
When asked about the GoodRx settlement, a director at the FTC was quoted as saying the agency was “serving notice” that it will “protect American consumers’ sensitive data from misuse and illegal exploitation.”
With the senators’ inquiry into telehealth and similar congressional inquiries into Meta’s user data protection, it’s clear that shielding Americans’ private health data is a priority, both legally and legislatively, moving further into the 2023 session.
While the coverage of telehealth is definitely a good thing, it has caused needless confusion. I would like to address a little of that today.
Risk adjustment has entered a new era. We are no longer operating in a documentation optimization environment; we are operating in an enforcement and recalibration
Please log in to your account to comment on this article.
Sepsis sequencing continues to challenge even experienced coding and CDI professionals, with evolving guidelines, documentation gaps, and payer scrutiny driving denials and data inconsistencies. In this webcast, Payal Sinha, MBA, RHIA, CCDS, CDIP, CCS, CCS-P, CCDS-O, CRC, CRCR, provides clear guideline-based strategies to accurately code sepsis, severe sepsis, and septic shock, assign POA indicators, clarify the relationship between infection and organ dysfunction, and align documentation across teams. Attendees will gain practical tools to strengthen audit defensibility, improve first-pass accuracy, support appeal success, reduce denials, and ensure accurate quality reporting, empowering organizations to achieve consistent, compliant sepsis coding outcomes.
Expert presenters Kathy Pride, RHIT, CPC, CCS-P, CPMA, and Brandi Russell, RHIA, CCS, COC, CPMA, break down complex fracture care coding rules, walk through correct modifier application (-25, -57, 54, 55), and clarify sequencing for initial and subsequent encounters. Attendees will gain the practical knowledge needed to submit clean claims, ensure compliance, and stay one step ahead of payer audits in 2026.
Accurately determining the principal diagnosis is critical for compliant billing, appropriate reimbursement, and valid quality reporting — yet it remains one of the most subjective and error-prone areas in inpatient coding. In this expert-led session, Cheryl Ericson, RN, MS, CCDS, CDIP, demystifies the complexities of principal diagnosis assignment, bridging the gap between coding rules and clinical reality. Learn how to strengthen your organization’s coding accuracy, reduce denials, and ensure your documentation supports true medical necessity.
Denials continue to delay reimbursement, increase administrative burden, and threaten financial stability across healthcare organizations. This essential webcast tackles the root causes—rising payer scrutiny, fragmented workflows, inconsistent documentation, and underused analytics—and offers proven, data-driven strategies to prevent and overturn denials. Attendees will gain practical tools to strengthen documentation and coding accuracy, engage clinicians effectively, and leverage predictive analytics and AI to identify risks before they impact revenue. Through real-world case examples and actionable guidance, this session empowers coding, CDI, and revenue cycle professionals to shift from reactive appeals to proactive denial prevention and revenue protection.
In this timely session, Stacey Shillito, CDIP, CPMA, CCS, CCS-P, CPEDC, COPC, breaks down the complexities of Medical Decision Making (MDM) documentation so providers can confidently capture the true complexity of their care. Attendees will learn practical, efficient strategies to ensure documentation aligns with current E/M guidelines, supports accurate coding, and reduces audit risk, all without adding to charting time.
Join Ronald Hirsch, MD, FACP, CHCQM for The PEPPER Returns – Risk and Opportunity at Your Fingertips, a practical webcast that demystifies the PEPPER and shows you how to turn complex claims data into actionable insights. Dr. Hirsch will explain how to interpret key measures, identify compliance risks, uncover missed revenue opportunities, and understand new updates in the PEPPER, all to help your organization stay ahead of audits and use this powerful data proactively.
Stay ahead of the 2026-2027 audit surge with “Top 10 Audit Targets for 2026-2027 for Hospitals & Physicians: Protect Your Revenue,” a high-impact webcast led by Michael Calahan, PA, MBA. This concise session gives hospitals and physicians clear insight into the most likely federal audit targets, such as E/M services, split/shared and critical care, observation and admissions, device credits, and Two-Midnight Rule changes, and shows how to tighten documentation, coding, and internal processes to reduce denials, recoupments, and penalties. Attendees walk away with practical best practices to protect revenue, strengthen compliance, and better prepare their teams for inevitable audits.
As AI reshapes healthcare compliance, the risk of biased outputs and opaque decision-making grows. This webcast, led by Frank Cohen, delivers a practical Four-Pillar Governance Framework—Transparency, Accountability, Fairness, and Explainability—to help you govern AI-driven claim auditing with confidence. Learn how to identify and mitigate bias, implement robust human oversight, and document defensible AI review processes that regulators and auditors will accept. Discover concrete remedies, from rotation protocols to uncertainty scoring, and actionable steps to evaluate vendors before contracts are signed. In a regulatory landscape that moves faster than ever, gain the tools to stay compliant, defend your processes, and reduce liability while maintaining operational effectiveness.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 1 with code CYBER25
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
