That doesn't answer the question. It just restates the problem. Why aren't they doing diligence on what they're accepting from their business partners, or what types of partners they're working with? There's no reason they couldn't know the company deals with health data and place it under additional scrutiny.