New York, April 5 Two US-based startups that focussed on counselling alcoholics have been, for years, sharing with advertisers their patients' personal information and health data without their consent, the media reported.
In a disclosure filed with California's attorney general last week, Monument and Tempest said that ad trackers of Facebook, Google, Microsoft and Pinterest led to leak of more than 100,000 patients' information, TechCrunch reported.
The leaked data includes patient names, dates of birth, email and postal addresses, phone numbers and membership numbers associated with the companies and patients' insurance provider.
Alarmingly, it also included the person's photo, unique digital ID, which services or plan the patient is using, appointment information and assessment and survey responses submitted by the patient, which includes detailed responses about a person's alcohol consumption and used to determine their course of treatment, the report said.
Launched in 2020, Monument is a tele-health service that provides access to prescription medication and therapies to combat alcohol use disorders. Tempest, acquired by Monument in 2022, focuses on curbing alcohol abuse.
According to Monument, it reviewed its use of ad trackers after the US government issued guidance to health companies about them in late 2022.
Trackers are embedded into ads, websites, or emails to track information about what a user clicks or the forms they fill out, which then gets used by both parties to create tailored ads or better understand their user bases.
Monument, in its disclosure, confirmed that tracking tools had been exposing user information on its site since January 2020 and on Tempest as far back as November 2017. The companies said they have stopped using "most" tracking tools in late 2022 and "fully disconnected" them from their websites by February this year, the Verge reported.
"Protecting our patients' privacy is a top priority," Monument CEO Mike Russell was quoted as saying to The Verge.
"We have put robust safeguards in place and will continue to adopt appropriate measures to keep data safe. In addition, we have ended our relationship with third-party advertisers that will not agree to comply with our contractual requirements and applicable law," he added.
Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor