
Try Not to Get Sued 👻

How privacy in women’s health became the scariest part of DTC marketing — because nothing says boo like a subpoena.

If you work in DTC women’s health and are trying to acquire customers right now, it’s hard not to feel a little paranoid. The lawsuits against Flo Health and Everly Health shook our entire category — reminding every founder, marketer, and media buyer just how fragile “privacy” really is in this space. It’s made me deeply curious (borderline obsessed) with how our data moves behind the scenes, and how the rules are changing faster than most of us can keep up.

At Rescripted, our customers have started turning to us with all the same questions: What’s actually allowed under HIPAA? What counts as “health data” in Meta’s eyes? And how do you responsibly reach the right audience when all the old tools — pixels, lookalikes, you know the drill — are suddenly off-limits?

Enter Adam Putterman. As the co-founder of Ours Privacy (and someone who’s lived through the same chaos from the inside), he was the perfect person to help make sense of what’s happening — and what comes next. So I asked him to break it down for us.


This Week’s Signal

First of all, thank you to Abby for inviting us to chat about this. I need to get this out of my system before I end up spending our entire Thanksgiving dinner talking about pixels and HIPAA and CAC and BAAs.

Meta’s 2025 privacy changes have been (to put it lightly) a headache for anyone in healthcare marketing.

Starting in January 2025, Meta began limiting what advertisers in “sensitive” categories - including health and wellness - could use as campaign goals. By September, they took it even further: any audience or conversion labeled with health-related terms (think IVF, diabetes, PCOS) stopped collecting new data altogether.

If your business touches healthcare, this was borderline apocalyptic. Campaigns slowed down. Conversions broke. CAC went up - often as much as 4-5x or more. And a lot of people realized they didn’t really know how their campaigns and data models with Meta worked.

Will Smith in Independence Day = all of us women’s health marketers.

It was one of the biggest privacy shake-ups since Apple’s iOS 14 update - except this time, it wasn’t about cookies. It was about liability and who is allowed to have access to sensitive health data (TLDR: the answer is → only companies that are themselves HIPAA compliant and have a signed BAA).

What We’re Missing

The story didn’t start this year. It started back in 2022, when investigative reporters found Meta’s Pixel quietly collecting sensitive data from hospital websites - in some cases, even from inside patient portals.

That discovery triggered a wave of lawsuits, FTC scrutiny, and new HHS guidance warning that sensitive health information cannot - under any circumstances - be shared with platforms that do not have a signed BAA in place with you (e.g., Meta, Google, Reddit, GA4, and nearly every other platform that a modern marketer requires to do their job).

By early 2025, Meta had a choice: clean up or keep paying lawyers. They chose both. Meta continues to fight many of the initial lawsuits, but also has made sweeping changes to the types of data it will accept and allow healthcare marketers to use.

Even more importantly though, in trying to protect consumers, these platforms accidentally broke the bridge between health brands and the audiences that actually need them.

And that’s a real problem. While the U.S. healthcare system continues to crumble, consumer health has exploded - fertility startups, telehealth platforms, women’s wellness brands. The demand is there. But if compliant performance channels disappear, the right products can’t find the right people.

Meta’s new rules do protect privacy. But they’ve also made it harder for someone dealing with fertility challenges, menopause, or postpartum anxiety to stumble onto the brand that could actually help them.

What We’re Seeing

We didn’t start as a privacy company. We started as a digital telehealth company called Ours focused on couples. Like many of you reading this, we were trying to solve a very specific, very important part of people’s health and wellness - their relationship health, e.g., premarital counseling, couples therapy, etc.

A lot of couples don’t go searching for help. So awareness-based channels like Meta were critical for our company. As we transitioned from word-of-mouth + coaching to scalable growth + therapy, we hit the same wall everyone else did.

We were running pixel-less to stay compliant and had no visibility into what was working and - even worse - no campaign optimizations. Campaign costs were skyrocketing, attribution fell apart, and every change started to feel like guesswork.

So we built our own solution: a HIPAA-compliant, BAA-backed, server-side infrastructure that allowed us to keep marketing without risking compliance. The setup was compliant by default and let us anonymize sensitive data before sending anything to third parties like Google or Meta.

Soon, other healthcare companies started reaching out, asking how we were managing these challenges. After answering that question over and over again, we realized the entire industry needed this solution.

So we launched Ours Privacy - a healthcare privacy platform designed for healthcare marketers who want to grow responsibly (but also effectively).

Today, we’re focused on building the healthcare marketing engine - a platform that brings together everything teams need to grow responsibly. Beyond HIPAA-compliant data management, we’re expanding into tools for consent, maps, video, translation, and session replays, all designed to work together seamlessly. The goal is simple: give healthcare organizations a single, compliant way to manage their digital presence and understand their data without juggling multiple vendors or contracts.

What It Means

But back to you... here’s some practical advice for Meta:

1. First, see if you’re restricted.

You probably already know. But if not, it’s worth checking ASAP. We’ve seen several brands come to us - unrelated to Meta restrictions - complaining of high CAC. It turned out their campaigns were being restricted and they hadn’t seen the notification that they’d been tagged as a health and wellness brand - in these cases, campaigns appear to be working, but the algorithms have stopped optimizing.

You can check your restriction here: Events Manager > Select your pixel > Settings tab > "Manage data source categories" section > Manage. If you see “care portal” you are fully restricted. Any other labels mean you are partially restricted.

2. Make a plan.

Start by defining your own health data / privacy framework (focus on HIPAA, the recent HHS guidance, and state privacy laws). The entire ad ecosystem is shifting towards similar guidance (LinkedIn also disabled their pixel and standard events for health companies and we expect more to follow) and now is the time to get ahead of it.

It’s worth noting that Meta and other platforms are not only restricting companies that need to follow HIPAA - they’re restricting a much wider sector across health & wellness, regardless of covered entity status.

3. Transition off of pixels.

Practically, the days of pixels and standard events are behind us. Start to onboard conversion APIs and obfuscated custom events with PHI redaction.
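What "obfuscated custom events with PHI redaction" can look like on a first-party server, as an added example (not code from Ours Privacy or Meta). The field names, alias table, allowlist and term list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed term list, seeded with the labels the article names (IVF, diabetes, PCOS).
HEALTH_TERMS = {"ivf", "diabetes", "pcos"}
# Hypothetical alias table: descriptive internal names map to neutral codes.
EVENT_ALIASES = {"ivf_consult_booked": "evt_a1", "pcos_quiz_completed": "evt_b2"}
# Assumed allowlist: only these raw fields may leave the first-party server.
ALLOWED_FIELDS = {"event_time", "value", "currency"}
EMAIL_RE = re.compile(r"[^@\s/]+@[^@\s/]+\.[^@\s/]+")


def contains_health_term(text):
    """True if any alphanumeric token of text is a listed health term."""
    return any(t in HEALTH_TERMS for t in re.split(r"[^a-z0-9]+", text.lower()))


def redact_url(url):
    """Drop query and fragment; blank out path segments that carry a health term."""
    parts = urlsplit(url)
    segs = ["redacted" if contains_health_term(s) else s for s in parts.path.split("/")]
    return f"{parts.scheme}://{parts.netloc}{'/'.join(segs)}"


def build_outbound_event(raw):
    """Return the only payload a third-party conversion endpoint would receive."""
    name = raw["event_name"].lower()
    alias = EVENT_ALIASES.get(name)
    if alias is None:
        # Fail closed: never forward an unmapped name that describes a condition.
        if contains_health_term(name):
            raise ValueError("unmapped event name contains a health term")
        alias = name
    out = {k: v for k, v in raw.items() if k in ALLOWED_FIELDS}
    out["event_name"] = alias
    out["page_url"] = redact_url(raw["page_url"])
    # Final guard over everything that is about to leave the server.
    for v in out.values():
        if isinstance(v, str) and (contains_health_term(v) or EMAIL_RE.search(v)):
            raise ValueError("redaction failed")
    return out


# Constructed sample event, as a site backend might record it.
SAMPLE = {"event_name": "IVF_Consult_Booked", "event_time": 1700000000,
          "value": 150.0, "currency": "USD", "email": "patient@example.test",
          "diagnosis": "PCOS",
          "page_url": "https://example.test/treatments/ivf-consult?email=patient@example.test"}

if __name__ == "__main__":
    print(build_outbound_event(SAMPLE))
```

The allowlist is the primary control here: any field not explicitly permitted never leaves the server, and the term check is only a backstop for names and URLs.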

Lastly, don’t fall for any fear mongering. This stuff is important and critical. But it’s solvable. We’ve seen countless brands end up with better performance after doing this work.

Pixels ≠ cookies... but who can resist a Cookie Monster meme.

Adam said it best: this is solvable. The privacy reckoning sweeping healthcare marketing isn’t the end of consumer health — it’s a chance to rebuild trust the right way. For women’s health brands, that matters more than ever.

Because while privacy laws evolve, one thing won’t change: people still need to find the right information, products, and care. The goal isn’t to stop marketing — it’s to do it responsibly.

Huge thanks to Adam and the Ours Privacy team for helping us unpack what’s really happening behind the curtain. If this conversation has you rethinking your own data practices, you’re not alone — and we’ll keep digging into it right here on Spotting.

(And for anyone curious about Ours Privacy, Adam’s offering 10% off when you mention Rescripted.)

With more signal and less noise, Spotting is your weekly lens on what’s next in women’s health — and why it matters. See you right here next time, in your inbox. (And if a friend forwarded this to you, you can subscribe to get your own copy.)

With hugs, science & freedom,
Abby

P.S. Whether this hits or misses for you, I’d love to hear your thoughts — just hit reply. Thanks for being here 🤗

Reaching 20M women monthly and partnering with trusted brands like Pfizer, Kotex, BetterHelp, and Noom, Rescripted is the leading media platform for all women and their health, from first period to last period.