Lawsuits, congressional attention, and recent reports are all focused on the same unifying topic.
This probably comes as no surprise to read, but during the last couple of years, digital health has been “in.” The COVID-19 pandemic initiated an explosion in the use of technology in the healthcare industry, particularly in the use of the Internet.
But as the saying goes, every rose has its thorn. And recently, when it comes to digital health, the thorn seems to be data security breaches. Both top telehealth companies and several healthcare systems have been hit with claims that they are sharing and/or selling patient data to advertisers or other third parties without consumers’ permission, or even knowledge.
The various consequences are likely to influence how Congress, the healthcare industry, and the public envision the role of digital health in the future.
In early February, the Federal Trade Commission (FTC) hit popular digital health platform GoodRx with a $1.5 million civil penalty for sharing user health data with third parties for advertising purposes. The FTC stated that GoodRX shared information such as users’ prescription medications and health conditions with companies like Facebook and Google, which in turn used that information to advertise related businesses, services, and products on the users’ accounts. The FTC called on a never-before-used rule called the Health Breach Notification Rule that was expanded in 2021 to address the unauthorized sharing of data; digital health apps are included in its purview.
Similarly, a bipartisan group of senators sent inquiries this month to three telehealth companies after a recent report indicated that those companies were tracking and sharing private patient data. The lawmakers were extremely concerned following the report, which was released by The Markup and STAT. The report showed how often telehealth companies were engaging in these practices.
Of the 50 companies looked at, 35 sent personal information with third-party advertisers, 13 shared users’ questionnaire answers, and 11 shared what items users had put into their digital shopping carts. The letters from the senators requested more information on the companies’ data-sharing practices, including a complete list of questions users are asked on the platform, all recipients of tracked user information for the last three years, and information on how the companies plan to protect user data in the future.
Not even hospitals are immune from scrutiny, as just this month, two large hospital networks and Cedars-Sinai Medical Center in Los Angeles were hit with lawsuits over their data collection and sharing practices. Cedars-Sinai is being sued by a patient, and his lawsuit alleges that he was targeted with extremely specific advertisements and marketing schemes about his chronic illness following treatment at the hospital.
Cedars-Sinai allegedly uses a website code that led to the hospital’s website gathering, analyzing, and sharing medical data. Two Louisiana health systems have just been hit with similar accusations, with class-action lawsuits being filed following patients seeing similar incidents.
These are only the latest among several more lawsuits around the country, with another Markup/STAT study finding that dozens of the nation’s top hospitals used similar code on their websites.
When asked about the GoodRx settlement, a director at the FTC was quoted as saying the agency was “serving notice” that it will “protect American consumers’ sensitive data from misuse and illegal exploitation.”
With the senators’ inquiry into telehealth and similar congressional inquiries into Meta’s user data protection, it’s clear that shielding Americans’ private health data is a priority, both legally and legislatively, moving further into the 2023 session.
Healthcare compliance just got a lot more complicated. We’re not dealing with traditional whistleblowers anymore – the ones who needed inside access to spot problems.
As Congress again turns its focus to budget concerns, healthcare might be on the backburner for a while. However, two new studies examining the No
Please log in to your account to comment on this article.
Sepsis remains one of the most frequently denied and contested diagnoses, creating costly revenue loss and compliance risks. In this webcast, Angela Comfort, DBA, MBA, RHIA, CDIP, CCS, CCS-P, provides practical, real-world strategies to align documentation with coding guidelines, reconcile Sepsis-2 and Sepsis-3 definitions, and apply compliant queries. You’ll learn how to identify and address documentation gaps, strengthen provider engagement, and defend diagnoses against payer scrutiny—equipping you to protect reimbursement, improve SOI/ROM capture, and reduce audit vulnerability in this high-risk area.
Only ICD10monitor delivers what you need: updates on must-know changes associated with the FY26 IPPS, including new ICD-10-CM/PCS codes, CCs/MCCs, and MS-DRGs, plus insights, analysis and answers to your questions from two of the country’s most respected subject matter experts.
This third session in our 2026 IPPS Masterclass will feature a review of FY26 changes to the MS-DRG methodology and new technology add-on payments (NTAPs), presented by nationally recognized ICD-10 coding expert Christine Geiger, MA, RHIA, CCS, CRC, with bonus insights and analysis from Dr. James Kennedy.
This second session in our 2026 IPPS Masterclass will feature a review the FY26 changes to ICD-10-PCS codes. This information will be presented by nationally recognized ICD-10 coding expert Christine Geiger, MA, RHIA, CCS, CRC, with bonus insights and analysis from Dr. James Kennedy.
During this essential RACmonitor webcast Michael Calahan, PA, MBA Certified Compliance Officer, will clarify the rules, dispel common misconceptions, and equip you with practical strategies to code, document, and bill high-risk split/shared, incident-to & critical care E/M services with confidence. Don’t let audit risks or revenue losses catch your organization off guard — learn exactly what federal auditors are looking for and how to ensure your documentation and reporting stand up to scrutiny.
Learn how to navigate the proposed elimination of the Inpatient-Only list. Gain strategies to assess admission status, avoid denials, protect compliance, and address impacts across Medicare and non-Medicare payors. Essential insights for hospitals.
RACmonitor is proud to welcome back Dr. Ronald Hirsch, one of his most requested webcasts. In this highly anticipated session, Dr. Hirsch will break down the complex Two Midnight Rule Medicare regulations, translating them into clear, actionable guidance. He’ll walk you through the basics of the rule, offer expert interpretation, and apply the rule to real-world clinical scenarios—so you leave with greater clarity, confidence, and the tools to ensure compliance.
Bring your questions and join the conversation during this open forum series, live every Wednesday at 10 a.m. EST from June 11–July 30. Hosted by Chuck Buck, these fast-paced 30-minute sessions connect you directly with top healthcare experts tackling today’s most urgent compliance and policy issues.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
