Logos of Illinois Families for Public Schools, Legal Action Chicago, Legal Council for Health Justice, NAMI Chicago, NASW-Illinois Chapter, and the Parent Coalition for Student Privacy
Blog

Chicago Board Of Ed Should Overhaul Or Cancel Telehealth Counseling Contract

MEDIA RELEASE

October 9, 2025

CONTACT:
Cassie Creswell
Illinois Families for Public Schools
773-916-7794

Advocacy Orgs Call On Chicago Board Of Ed To Overhaul Or Cancel Telehealth Counseling Contract

CHICAGO — Yesterday five advocacy organizations sent a letter to the Chicago Board of Education and Chicago Public Schools Superintendent-CEO Macqueline King calling on them to cancel CPS’ contract with Hazel Health, a for-profit tech company providing mental health services to CPS high school students, or remedy the lack of protections for sensitive student data before the contract renews automatically on December 31, 2025.

Illinois Families for Public Schools, Legal Action Chicago, Legal Council for Health Justice, NAMI Chicago, NASW-Illinois Chapter, and the Parent Coalition for Student Privacy urged the Board to fix the lack of data protections in the contract and the consent form that parents sign in order for students to get services, along with ending the illegal targeted advertising on the Hazel website where families sign up for the program. If these significant issues can’t be rectified, then the contract should be canceled altogether.

Logos of five organizations: Illinois Families for Public Schools, Legal Action Chicago, Legal Council for Health Justice, NAMI Chicago, NASW-Illinois Chapter, and the Parent Coalition for Student PrivacyCPS contracted with Hazel Health starting last fall, and the contract will renew automatically for the first of four two-year terms on December 31, 2025 if the Board does not take any action before Dec 1. The contract is no-cost; students’ public or private insurance is billed, and additional costs appear to be covered by funding from United Healthcare. If no changes are made, the contract will run through 2033; it did not require any previous Board vote as a no-cost contract delegated to administrative approval only.

Hazel Health is a privately-held health tech startup formed in 2015 to provide both physical and mental healthcare telehealth services to public school students. A consortium of investors led by private equity firm Bain Capital hold the majority of Hazel shares, and the company has contracts with more than 180 school districts in 19 states, including many of the country’s largest: Los Angeles, Philadelphia, Houston, Miami, Jeffco (Colorado), Clark County (Nevada), and Fairfax County (Virginia). Hazel Health recently merged with an AI-based mental health startup, Little Otter, according to Axios.

Illinois’ state Student Online Personal Protection Act (SOPPA) has strong prohibitions on school contractors using students’ personally-identifiable information (PII) for commercial purposes, including targeted advertising, along with robust requirements for keeping data secure. Hazel’s parental consent form states that a student’s PII may be stolen and that the company can use their data for product development and research. The landing page that CPS sends parents to on the Hazel site has marketing trackers from Alphabet (Google’s parent company) and Amazon. Hazel’s own privacy policy says that they also have trackers from Facebook on their site.

Illinois Families for Public Schools executive director Cassie Creswell, who has been worried about how Hazel is treating student data since the district rolled out these services in March, said, “As a Chicago Public Schools parent myself, I know there is major unmet demand for therapy and counseling for students, but a no-cost contract with a for-profit company raises huge red flags about whether students are paying for this care with their data, which, frankly, is too high a price when it comes to the most sensitive possible data about minor children.”

CPS’s contract with Hazel Health provides no information about what medical, disability, counseling or mental health data the company collects, holds or generates. The company’s services are provided via video conferencing, so potentially the company is holding audio and video recordings, automatic transcriptions, counseling notes, medical, behavioral or disciplinary records, biometric information and more.

Under SOPPA, data should be cataloged in the contract between CPS and Hazel, but the current contract only includes a short list of rostering information, like a student’s name, email, grade level and parent contact information. In the wake of Hazel’s merger with health startup Little Otter, data that Hazel holds may be shared and used for training Little Otter’s AI platform.

CPS has been referring families to Hazel Health since March, and, in response to the Trump administration’s ramping up federal law enforcement and military presence in Chicago, has highlighted Hazel as a resource for students, including those in immigrant and mixed status families, LGBTQ+ students, and Black and Brown communities, who are experiencing anxiety and undergoing trauma.

“Protecting the personally-identifiable information and incredibly sensitive mental health data of students in vulnerable communities is especially crucial right now, and it is worrisome that families are being directed to a service with major unanswered questions about the level of protection of their data,” added Creswell.

“No school district should outsource its responsibility for protecting student confidentiality to private investors. CPS has a moral and legal obligation to ensure that every mental health partnership upholds the same privacy and professional standards that licensed clinicians follow every day,” said Kyle Hillman, director of legislative affairs for the National Association Of Social Workers – Illinois Chapter.

In a statement, Legal Council for Health Justice also expressed serious concerns about the use of Hazel Health’s services: “We fully support CPS’ goal of offering mental health treatment options to their students, but we can’t endorse a contract with an entity that takes so little responsibility for the security of sensitive information about those students.”

“We have also encountered overly lax privacy protections for student telehealth mental health services in New York City. But the agreement signed by Chicago Public Schools is among the worst we’ve ever encountered. The extremely sensitive personal data of students is being illegally sacrificed for commercial purposes and targeted ads in a manner that could seriously worsen their safety and emotional health,” said Leonie Haimson, co-chair of the Parent Coalition for Student Privacy.

There have been several significant ransomware attacks on school districts’ mental health data in recent years, including Los Angeles and Minneapolis. A major breach of a Finnish mental healthcare startup in 2020 resulted in blackmail attempts and deaths by suicide. CPS itself had a ransomware attack that exposed data of more than 700K students’ in early 2025, including Medicaid ID numbers.

About Illinois Families for Public Schools

Illinois Families for Public Schools (IL-FPS) is a statewide, grassroots, non-profit 501c4 advocacy group founded in 2016. IL-FPS is the voice of public school families in Springfield and across the state, advocating to defend and improve Illinois public schools. More at ilfps.org.

About the Parent Coalition for Student Privacy

The Parent Coalition for Student Privacy (PCSP) is a national grassroots advocacy organization, founded in 2014, which built on the success of parent advocates to stop the creation of inBloom, a national database of K-12 student data to be used for commercial purposes. PCSP includes parents from nearly every state and assists families in addressing individual and systemic threats to student privacy. More information at studentprivacymatters.org

###