Dive Brief:
- A class action complaint was filed against tech giant Meta, the parent company of Facebook, alleging that the social media platform has been harvesting private patient information from hospital websites in violation of HIPAA and numerous other local, state, and federal laws.
- The lawsuit claims that Meta’s Pixel tracking tool sends patient data such as IP addresses, online portal login credentials, and health problems directly back to the business. It was filed last week in Northern California.
- The lawsuit, which was brought by John Doe on behalf of “millions of other Americans whose medical privacy has been violated by Facebook’s Pixel,” comes in response to a last week’s investigative report by The Markup and Stat News, which found that the top 33 hospitals in the U.S. were sending private patient information to Meta via the tracking tool used by Facebook’s Pixel.
Dive Insight:
The Markup discovered that in one case when a user clicked the “schedule online” button on the website of University Hospitals Cleveland Medical Center, the Pixel tracking tool gathered information about the doctor’s name, the text that appeared on the online button, and the search term “pregnancy termination” before sending it back to Facebook. The study also discovered that Facebook Pixel was already set up inside seven hospital systems’ purportedly password-protected patient portals.
According to the lawsuit, Facebook “knowingly receives patient data” from at least 644 hospital systems or “medical provider online domains” to provide targeted advertisements both on and off of Facebook’s website. The corporation is also accused of failing to obtain “patient awareness, permission, or legitimate HIPAA authorizations,” according to the complaint.
A piece of code called the Facebook Pixel enables websites to target and tailor adverts for consumers. Frequently, the data is connected to particular users.
The data and personal information collected by Pixel have encountered several privacy-related obstacles. A class action complaint was launched in February against the parent company of the medical diagnostic tool WebMD, alleging that Facebook’s Pixel tracking tool violates the Video Privacy Protection Act by disclosing personal information from WebMD users by tracking targeted video adverts. Facebook’s Pixel is allegedly in violation of the VPPA according to a separate class-action lawsuit brought in March against streaming service HBO.
Although the Pixel has recently come under fire, the tech giant has previously been accused of harvesting patient healthcare data. A class-action lawsuit was brought in 2016 by three Facebook users against the social media platform and several medical institutions because Facebook had improperly gathered and utilized health information for marketing profiles and ad targeting. In May 2017, a judge decided in favor of Facebook; the plaintiffs then appealed. Nicholson Price, a law professor at the University of Michigan, told The Markup that “this is an extreme example of exactly how far the tentacles of Big Tech go into what we think of as a protected data area.” From the perspective of the hospitals, “I think this is disturbing, problematic, and potentially unlawful.”