I wouldn't, but the last time we had a story here where mental health websites were sending sensitive data to advertisers, they did it in such a dumb way you could spot it easily on the network tab of your browser's dev tools. Haven't seen anything like here in my brief look.
The form, where we collect user data, is not hosted by us, and is hosted by a HIPAA-compliant vendor. What particular data was being shared in your story?
Including the Google Analytics library and Facebook Pixel on your site at the very least sends each and every pageview back to both of those entities. If the developer has implemented custom conversions, even further behavior is tracked.