On February 14, a former patient filed a class action lawsuit against mental health service provider Mindful Care, Inc. for allegedly mishandling sensitive patient information. The complaint, brought forth by plaintiff Andy Hilaire accuses Mindful Care, Inc. of violating privacy laws by using third-party tracking technologies to unlawfully intercept and disclose patients' protected health information (PHI) and personally identifiable information (PII) without consent.
The case centers around Mindful Care's use of tracking tools such as Meta Pixel and Google Analytics, which allegedly allowed unauthorized third parties like Meta Platforms (Facebook) and Google to access confidential patient data. According to the complaint, these tools were embedded in Mindful Care's website and patient portal, enabling the interception of sensitive communications regarding mental health conditions and treatments. Hilaire claims that this breach of privacy not only violates state and federal laws but also undermines public trust in digital telehealth services.
Hilaire argues that Mindful Care's actions contravene its own privacy policies, which assure patients that their medical information will remain confidential unless explicit permission is granted for disclosure. The lawsuit highlights that neither Hilaire nor other class members consented to their PHI being shared with entities outside of Mindful Care’s healthcare operations. Furthermore, the complaint alleges violations of several laws including the Electronic Communications Privacy Act (ECPA), negligence, breach of contract, breach of fiduciary duty, bailment, and violation of New York’s Deceptive Trade Practices Act.
The plaintiffs are seeking a range of remedies from the court. They demand statutory damages for each violation along with compensatory damages for invasion of privacy and loss of benefit from their bargain with Mindful Care. Additionally, they seek injunctive relief to prevent further unauthorized disclosures and an order requiring Mindful Care to improve its data security measures.
Representing the plaintiff is attorney Richard M. Smith. The case was filed in the United States District Court for the Eastern District of New York under Case No. 2:25-cv-881.