According to the US Department of Health and Human Services’ Office for Civil Rights, the disclosure of patient information affected more than three million patients using the online virtual mental health platform Cerebral.
WHY IT IMPORTANT
Cerebral is a consumer-facing telehealth platform that provides mental and behavioral health services to patients with or without insurance.
Like many technology companies and healthcare providers, from October 2019 to January 2023, Cerebral used pixel tracking technologies, according to HIPAA’s Notice of Privacy Breach of company.
In the announcement, Cerebral said it discovered on January 3 that it “disclosed certain information that could be classified as HIPAA-protected health information to certain third-party platforms and some subcontractors without the assurance required by HIPAA.”
That information, which may have been shared with Google, Meta, TikTok and others, may include names, phone numbers, email addresses, dates of birth, IP addresses, Cerebral customer ID numbers, and information other demographics.
If an individual does more than just create an account – for example, taking an online review – “the information disclosed may also include the service the individual has selected, responding to a review, and certain other information.” related health,” added Cerebral.
Unauthorized disclosure of patient data may also include appointment information, treatment notes, and insurance details for those enrolled in the service.
However, the company asserts that, “regardless of how an individual interacts with the Cerebral Platform, the information disclosed does not include Social Security numbers, credit card information or account information bank.”
The company says it has disabled or discontinued the tracker and is offering a free credit report monitoring service. It also advises affected people to monitor their credit reports and change their Cerebral account passwords.
TREND TO BIGGER WOMAN
In December, HHS issued guidance on the use of online tracking tools, addressing patient data tracking on websites and mobile apps, and reminding regulated entities on HIPAA compliance obligations.
In 2022, several lawsuits against Meta Platforms and other entities named hundreds of hospitals and healthcare providers without prior knowledge that protected information was being transmitted. data tracker.
Earlier this month, the Federal Trade Commission fined online therapy company BetterHelp, owned by Teladoc Health, $7.8 million for allegedly sharing consumer data with third-party advertisers. .
Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said in a statement: “BetterHelp betrayed consumers’ most personal health information for profit.
Cerebral recently announced its third round of layoffs in less than a year.
ON PROFILE
“The information disclosed varies depending on the actions individuals take on Cerebral’s platform, the nature of the services provided by the subcontractors, the configuration of the tracking technology used by the individual. our services, Third Party Platforms’ data collection configuration, how individuals have configured their devices and browsers, and other factors,” the company said in the announcement. breach your data.
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
