Researcher Resources - Tutorials

Hey guys/gals, I am very new here. I guess you could say I am getting a 360 of bugcrowd itself and how you all operate. I can already tell where some of my weaknesses are, but the thing is hypothetically of course, if you knew about a blatant HIPPA violation with a medical survey site where patients submit medical info, DOB etc… and you noticed its all being done http, but your own medical information is part of of this mess. What would you do? I already know where its hosted, and it doesn’t look like a large outfit. Is it even worth pursuing?