The U.S. Federal Trade Commission (FTC) has banned virtual addiction treatment startup Monument from sharing patient health information with third parties for advertising purposes.
Announced on April 11, this action settles several allegations raised by the FTC. It is the second such action taken by the FTC in the last few days. On April 15, the FTC announced a more substantial action against the virtual mental health company Cerebral Inc. for similar reasons — inappropriately sharing patient data and misrepresenting data policies.
Specifically, the FTC alleges that New York City-based Monument, which provides virtual medication-assisted therapy (MAT) for alcohol use disorder and online support groups, violated the Federal Trade Commission Act and the Opioid Addiction Recovery Fraud Prevention Act of 2018.
“Here’s the loud-and-clear message companies need to hear: The FTC won’t back down in the fight to protect the privacy of consumers’ sensitive health data,” the FTC wrote in a recent blog post.
Multiple representatives of Monument have not responded to a request for comment.
The FTC alleges that from 2020 to 2023 Monument sent various data to the following tech companies as part of its marketing efforts: AdRoll, Amazon, Google, Impact, LiveIntent, Meta (formerly Facebook), Microsoft, Pinterest, PowerInbox, Quora and Reddit.
The agency ordered the company to pay a judgment award of $2.5 million that can be suspended if the financial documentation Monument sends to the FTC is correct.
The complaint and order released by the FTC and the U.S. Department of Justice mandate that Monument must obtain “affirmative express consent” before sharing any health information with a third party and cannot make misrepresentations about what data the company collects and how it uses it.
Monument is required to track down all data inappropriately shared with third parties and ensure that data is distracted by the third parties. It must also send its instructions to the third parties to the FTC.
The company must also send a notice detailing the FTC action and what Monument is doing to all impacted users within 14 days of the order’s effective date.
Going forward, Monument is required to develop a comprehensive privacy protection plan and retain a third-party assessor to audit its practices every two years after an initial assessment.
Founded in 2019, the company has raised about $24 million in venture backing, according to Crunchbase.