FTC Prohibits Monument from Sharing Consumer Data for Advertising Purposes Without Consent

The Federal Trade Commission (FTC) has banned Monument from sharing consumer data with third-party advertisers without consent. A $2.5 million civil monetary penalty was proposed, which was suspended due to the company’s inability to pay.

Monument, a company that provides plans to support individuals with alcohol addiction, was investigated by the FTC following a data breach that was disclosed in March 2023 involving the personal information of more than 108,000 individuals. The data breach was due to the use of third-party analytics and tracking tools on its website.

While tracking tools are used on many websites, the problem with Monument’s use of these tools was the company told consumers that their personal information would be 100% confidential, yet their information was transferred to third parties such as Google and Meta without their knowledge or consent and was used to deliver personalized ads.

According to the FTC’s complaint, Monument violated the FTC Act by engaging in unfair and deceptive business practices and violated the Opioid Addiction Recovery Fraud Prevention Act of 2018 (OARFPA), which prohibits deceptive business practices in relation to substance use disorder treatment services. The FTC also alleged that Monument misrepresented compliance with the Health Insurance Portability and Accountability Act (HIPAA). The $2.5 million civil monetary penalty was imposed for violating OARFPA and will need to be paid if the FTC learns that Monument misrepresented its financial position.

Monument has also been ordered to contact all third parties that received consumer data via its website tracking tools and instruct them to delete the data. Any consumers that have yet to be notified by Monument about the impermissible disclosure of their data must be notified, and Monument must develop and implement a comprehensive privacy program to ensure consumer data is protected and all issues identified in the FTC complaint are addressed.

The FTC has taken action against several companies over the sharing of consumers’ health data with third parties without consent, including BetterHelp, GoodRX, Premom, and Cerebral.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Download Free Checklist

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/