Monument and Tempest, two alcohol recovery startups, have faced backlash after being caught sharing confidential user data with advertisers without their consent. The data breach has impacted over 100,000 patients, and the companies shared a range of patient information including names, email addresses, postal addresses, phone numbers and insurance details.
What makes this breach even more worrying is the type of information that was shared. Monument and Tempest also shared appointment and assessment information, as well as survey responses that included alcohol consumption data. The fact that they did not have appropriate user consent to share sensitive information has led to major concerns among patients.
While the companies have removed the offending tracking codes from their websites, they do not admit to purposefully sharing this information to increase profits. This is a significant violation of user privacy, and can lead to a loss of trust for patients who are already facing the challenging journey of dealing with alcohol recovery.
This is not the first time that data breaches have occurred in the medical field. Similar violations have occurred in other personal health categories such as mental health and personal fitness. Clearly, there is a need for proper legislation and protocols to ensure data privacy is not breached and user consent is sought and received.
Sharing private information without user consent can result in a major loss of trust. It undermines the user’s ability to manage their own health journey, and can even lead to serious consequences, such as discrimination or stigmatization. Monument and Tempest’s flouting of privacy rights demonstrate the need for greater transparency and the need for companies to take personal data handling much more seriously.
It must be emphasized how important it is for patients to be made aware of the type of data that is being collected, why it is being collected, and how it is being used. Users need to take responsibility for their own data privacy, and by actively choosing what information to share, they can take control of it.
Ultimately, data privacy is not simply the responsibility of doctors and health organizations to provide. It is increasingly becoming the responsibility of patients to understand how their data will be used and make informed choices based on that knowledge. By taking a proactive approach to data privacy and demanding better personal data management, patients can help ensure that their rights and privacy are protected.