Yale University is facing growing scrutiny over what could become one of the biggest Health Insurance Portability and Accountability Act (HIPAA) violations since the University of Chicago’s notorious patient data-sharing case.
Allegations have surfaced that Yale-affiliated researchers may have mishandled sensitive health information from individuals who signed up for a study on vaccine injuries, potentially exposing thousands of participants to data misuse.
At the centre of the controversy is Hugo Health, a “digital health company” with close ties to Yale staff, that managed patient data through an app. Hugo Health acted as an intermediary in recruiting individuals for the LISTEN study, which claimed to investigate vaccine injuries. However, evidence suggests the study was effectively funded by Pfizer and Janssen, which reportedly funnelled $3 million in research grants to Krumholz.
Thousands of vaccine-injured individuals reportedly signed up, believing the study would provide meaningful research into their conditions. Instead, only 241 participants were included in the final publications, which critics say were irrelevant to vaccine injuries and ultimately reinforced the narrative that “vaccines saved millions of lives”. Participants expected their data to be used to find solutions, but instead, the study’s findings did little to address their concerns.
The most alarming revelation is that the health data collected from these participants was legally allowed to be sold to third parties. This clause was buried in the study’s consent form, which many participants likely did not read thoroughly. The data was stored on Hugo Health’s servers, which have now been taken offline, raising serious questions about compliance with HIPAA regulations.
In July 2024, Yale sent an email to participants acknowledging that Hugo Health’s servers were not HIPAA-compliant, effectively admitting to a major breach of patient data protection laws. This has led to speculation about where the health data ended up. Some fear it was sold to the highest bidder, while others worry it may have been used to pressure or discredit vaccine-injured individuals.
Critics believe Yale knew about the issue and quietly took steps to cover it up after receiving millions of dollars from pharmaceutical companies to conduct studies that ultimately dismissed the concerns of the vaccine-injured. Many argue that this is why vaccine-injured individuals are facing increasing hostility in public discourse, as efforts are made to bury the story before it gains traction.
The HIPAA is a federal law enacted in 1996 to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The law establishes national standards for protecting electronic health records and applies to healthcare providers, insurers, and any entity handling personal medical data.
If the allegations are proven true, Yale could face significant legal and financial consequences. The university’s silence on the matter has only fuelled further speculation that this could be one of the most serious breaches of medical ethics and patient trust in recent years.
WHOA!!! 🧀@Yale could be up to their necks in the biggest HIPAA scandal since @UChicago
This is how the scam appears to have worked.
Harlan Krumholz owns a patent for managing health data through an app. “Hugo health” was the middle man providing the app to bait people… https://t.co/bNMTDnF6nI pic.twitter.com/98pakDh6Fm
— Jikkyleaks 🐭 (@Jikkyleaks) February 23, 2025
‘Mining data’ is the new gold rush for these technocrats.