Corporate Misconduct Accountability Project | Medical Privacy Edition
Medical Privacy Violation · California
Choose Your Horizon Embedded Tracking Software in Its Ketamine Therapy Websites and Shared Patients’ Private Medical Data with Tech Giants
A ketamine therapy startup quietly funneled the confidential health information of 761 vulnerable patients to third-party advertisers, settling a federal class action for $400,000 while denying any wrongdoing.
● High Severity
$400K
Settlement Fund
761
Patients Affected
2
Websites Involved
2023-24
Exposure Window
The Bottom Line
Choose Your Horizon, Inc., which operates ketamine therapy websites chooseketamine.com and chooseyourhorizon.com, installed software on those sites that quietly transmitted patients’ private medical information and confidential communications to outside companies without their knowledge or consent. The people harmed are patients seeking treatment for serious mental health conditions: people who trusted a healthcare company with their most sensitive personal information. CYH collected that trust and sold it to advertisers.
This is medical privacy theft dressed in startup branding. The $400,000 settlement, paid without any admission of wrongdoing, is a rounding error compared to the harm inflicted on 761 people who sought help in a moment of vulnerability. Demand real accountability for companies that monetize your pain.
Core Allegations
What Choose Your Horizon Did
6 points
| 01 | CYH embedded third-party tracking software in its ketamine therapy websites, chooseketamine.com and chooseyourhorizon.com, that intercepted and transmitted patients’ confidential medical information to outside advertisers and tech platforms. | high |
| 02 | The disclosure of patients’ protected health information and personally identifiable information occurred without patient consent, in direct violation of the California Invasion of Privacy Act (Cal. Pen. Code S631(a)). | high |
| 03 | CYH’s conduct violated the California Confidentiality of Medical Information Act (Cal. Civ. Code S56.10), a law that exists specifically to protect patients from exactly this kind of unauthorized disclosure of sensitive health data. | high |
| 04 | The settlement class encompasses approximately 761 California residents whose private health information was disclosed to third parties between May 9, 2023 and July 11, 2024, while they used CYH’s websites from within California. | med |
| 05 | The alleged conduct also violated the California Constitution and common law, reflecting how fundamental the right to medical privacy is under California’s legal framework. | med |
| 06 | CYH represents that it implemented changes to its websites and disclosures after the lawsuit was filed, an implicit acknowledgment that its prior practices required correction, even as the company formally denies any wrongdoing. | med |
💰 Profit Over People
4 points
| 01 | Ketamine therapy companies serve patients who are often in crisis, seeking treatment for depression, PTSD, or other serious mental health conditions. Using their most vulnerable moments as a data-harvesting opportunity represents a profound ethical failure. | high |
| 02 | Third-party tracking software on healthcare websites typically serves advertising and analytics purposes, meaning patient health data was used to benefit CYH’s marketing operations rather than to improve patient care. | high |
| 03 | The settlement fund of $400,000 for 761 patients amounts to a maximum of approximately $525 per person harmed, before attorney fees and administrative costs, a number that does not begin to capture the harm of having one’s mental health treatment history exposed. | med |
| 04 | Attorney fees for class counsel are capped at 25% of the settlement fund ($100,000), and class representatives receive $5,000 each in service awards, all paid from the same $400,000 pot, further reducing what patients actually receive. | med |
⚖️ Corporate Accountability Failures
4 points
| 01 | CYH settled without admitting any liability or wrongdoing. The settlement agreement explicitly states it cannot be used as evidence of wrongdoing in any future proceeding, insulating the company from accountability even as it pays to make claims disappear. | high |
| 02 | No individual executives face any personal liability or consequences. CEO Mark Holland, who signed the settlement on behalf of CYH, faces no penalties, fines, or restrictions on future conduct. | high |
| 03 | Settlement class members who do not opt out are permanently barred from suing CYH over these claims, giving the company a clean legal slate after a single modest payment. | high |
| 04 | The settlement required mediation lasting approximately seven hours before a former federal judge, and the parties still could not reach an agreement that day, requiring months of additional negotiation, suggesting CYH did not readily accept responsibility. | low |
☣️ Public Health and Safety
3 points
| 01 | The disclosure of mental health treatment information carries unique harms: it can affect employment, insurance, custody decisions, and relationships. Patients seeking ketamine therapy for depression or PTSD face potential stigma and discrimination if that information reaches employers, insurers, or others through advertising data pipelines. | high |
| 02 | Third-party tracking data from healthcare websites can be aggregated, cross-referenced, and sold multiple times over, meaning CYH’s initial disclosure may have set off a chain of data sharing that patients cannot trace or stop. | high |
| 03 | Patients who avoid seeking mental health treatment because they fear their data will be misused represent a public health cost that no settlement fund can measure. CYH’s conduct reinforces exactly the kind of distrust that keeps vulnerable people from getting help. | med |
Timeline of Events
May 2023
The alleged disclosure period begins. CYH’s tracking software starts transmitting patient health information to third parties without consent from visitors to its ketamine therapy websites.
May 9, 2024
Plaintiff Karen Martinez files a putative class action in the U.S. District Court for the Northern District of California, alleging CYH violated California privacy law by sharing patients’ confidential medical data with third parties.
July 11, 2024
The alleged disclosure period ends. The settlement class covers California residents whose data was exposed between May 9, 2023 and this date.
November 26, 2024
The parties participate in a seven-hour mediation session with former Chief Judge James F. Holderman of the U.S. District Court for the Northern District of Illinois. No settlement is reached that day.
January 29, 2025
Plaintiffs file an amended complaint, adding plaintiff Eli Silva to the case and broadening the class action record.
October 2025
Both class representatives and CYH CEO Mark Holland sign the $400,000 settlement agreement. CYH continues to deny all wrongdoing.
Direct Quotes from the Settlement Agreement
QUOTE 1
The Core Allegation
Core Allegations
“The material allegations of the complaint center on Defendant’s alleged use of certain software on its Websites that discloses customers’ medical information and confidential communications to third parties, which Plaintiff claims was without permission.”
This is the foundation of the case: CYH used software designed to extract and transmit patient medical data without asking anyone’s permission. This is not a technical glitch; it is a business decision.
QUOTE 2
Who Was Harmed
Core Allegations
“The Settlement Class means all California residents who, from May 9, 2023, to and through July 11, 2024, had their personally identifiable information or protected health information disclosed to third party entities, as a result of using the Websites while located in California.”
761 real people, residents of California seeking mental health treatment, had their most sensitive personal information handed over to outside companies. This is the human scale of the harm CYH caused.
QUOTE 3
CYH’s Denial Without Consequence
Accountability Failures
“At all times, Defendant has denied and continues to deny any wrongdoing whatsoever and has denied and continues to deny that it committed, or threatened or attempted to commit, any wrongful act or violation of law or duty alleged in the Action.”
CYH pays $400,000 and walks away clean. This is not accountability. This is the price of doing business when caught violating your patients’ privacy.
QUOTE 4
CYH’s Official Excuse
Accountability Failures
“While CYH believes that its practices were in compliance with California law, CYH chose to settle this case, without admitting liability, to focus time, effort and resources on continuing to provide valued services to its patients, and to avoid incurring additional legal fees and the uncertainty of litigation.”
CYH frames a legal settlement as a customer service decision. This language is crafted to protect the company’s reputation, not to acknowledge what happened to 761 patients.
QUOTE 5
The Permanent Legal Shield
Accountability Failures
“This Agreement is a compromise, and the Agreement, any related documents, and any negotiations resulting in it shall not be construed as or deemed to be evidence of or an admission or concession of liability or wrongdoing on the part of Defendant.”
The settlement is engineered to protect CYH from future accountability. Patients get modest checks; CYH gets permanent legal immunity from these claims.
QUOTE 6
The Websites at the Center of the Case
Core Allegations
“CYH operates the websites https://www.chooseketamine.com/ and https://www.chooseyourhorizon.com/ (the ‘Websites’).”
These are patient-facing healthcare websites. People who visited them to learn about mental health treatment were subjected to data collection practices that violated California law.
Commentary
What exactly did Choose Your Horizon do?
▾
CYH installed third-party tracking software on its ketamine therapy websites. That software intercepted patients’ private health information and communications and transmitted them to outside companies, without asking patients for permission. This is exactly what California privacy law prohibits. CYH is a healthcare company. Its patients came to its websites seeking treatment for serious mental health conditions. Instead of protecting that data, CYH handed it to advertisers.
Is this lawsuit legitimate? Is the settlement a good outcome for patients?
▾
The lawsuit is based on well-established California privacy statutes: the California Invasion of Privacy Act and the California Confidentiality of Medical Information Act. These are serious laws with real teeth, and CYH’s alleged conduct falls squarely within what they prohibit. The settlement is a mixed result. Patients get compensation, and CYH implemented website changes. But $400,000 for 761 people, before fees and costs, is modest. No one admitted wrongdoing. No executive was held personally accountable. That is not justice; it is damage control.
Why does it matter that this was a mental health company specifically?
▾
Mental health data is among the most sensitive information a person can share. Exposure of mental health treatment history can cost people their jobs, affect custody arrangements, raise insurance costs, and damage relationships. The stigma around mental health conditions is still pervasive. CYH operated in a space where patients had to trust the company with their most vulnerable information. That trust was betrayed for advertising purposes. The harm is not just legal; it is deeply personal.
Is this a common practice across healthcare websites?
▾
It is far more common than it should be. Third-party tracking pixels and analytics tools, designed primarily for advertising optimization, have been widely deployed on healthcare websites without adequate consideration for the privacy implications. CYH is not the only company that made this mistake, and the resulting wave of class action litigation is forcing the healthcare industry to reckon with practices it should have addressed years ago. This settlement is part of a broader accountability moment for digital health companies.
Did CYH break federal law as well as California law?
▾
The case was filed under California state law, specifically CIPA and the Confidentiality of Medical Information Act, as well as the California Constitution. Whether CYH also violated federal health privacy laws such as HIPAA is a separate question that this settlement does not directly address. The settlement resolves only the claims brought in this specific case.
What happened to the 761 patients’ data that was already shared?
▾
The settlement does not require CYH to retrieve or delete data that was already transmitted to third parties. Once data leaves to an advertiser or analytics platform, it enters a commercial ecosystem where it can be retained, shared, and used in ways the original company cannot control. The settlement protects CYH legally but provides no guarantee that patients’ data has been removed from third-party systems.
What can I do to prevent this from happening again?
▾
Several concrete steps matter. Use a privacy-focused browser like Firefox with tracking protection enabled, or install a browser extension like uBlock Origin, before visiting any healthcare website. Check whether a healthcare provider’s privacy policy explicitly discloses use of third-party tracking tools. Support state and federal legislation that expands medical privacy protections and imposes real penalties on companies that violate them. Contact your state representatives to demand stronger enforcement of health data privacy laws. And when companies violate your medical privacy, talk to an attorney about your rights; litigation like this one only happens because individual patients step forward.
💡 Explore Corporate Misconduct by Category
Corporations harm people every day — from wage theft to pollution. Learn more by exploring key areas of injustice.
- 💀 Product Safety Violations — When companies risk lives for profit.
- 🌿 Environmental Violations — Pollution, ecological collapse, and unchecked greed.
- 💼 Labor Exploitation — Wage theft, worker abuse, and unsafe conditions.
- 🛡️ Data Breaches & Privacy Abuses — Misuse and mishandling of personal information.
- 💵 Financial Fraud & Corruption — Lies, scams, and executive impunity.
