Why would a business sell customer email addresses to competitors?
Doesn’t make sense to me.
Individuals in the organizations may be doing this independently
Assuming the website is located in the US with a doctor with an American medical license, I think HIPAA applies. But can you show damages? Can you prove your email didn’t get to these sites some other way? You were searching for ED information after all, might be his defense.
I would not be able to prove a negative. I would not be interested in suing to collect damages but in reporting them to possibly get them fined or something. I would not have been searching for ED information, I would have been responding directly to an offline ad. It could be true, as Telemark suggested, that my ISP might have logged my (theoretical) act of accessing that site. Maybe I would have liked to cause them as much trouble as possible.
All these points have been covered in previous responses.