A class action lawsuit has been filed in the Northern District of California against Meta (Facebook), the UCSF Medical Center, and the Dignity Health Medical Foundation, alleging that the organizations are unlawfully collecting sensitive healthcare data about patients for targeted advertising.
This tracking and data collection allegedly takes place in medical portals beyond login walls, where patients enter highly sensitive information about themselves, their conditions, doctors, prescribed medication, and more.
According to the lawsuit, neither the hospitals nor Meta informs the patients about the data collection, no user consents are requested, and there is no visible indication of this process.
The plaintiffs realized the violation of their privacy when Facebook, the social media platform belonging to Meta, began targeting them with advertisements tailored explicitly for their medical condition.
Meta Pixel
The Meta Pixel is a piece of code that can be injected into any website to aid with visitor profiling, data collection, and targeted advertising.
It takes up the space of a single pixel, hence the name and stealthiness, and helps collect data such as button clicks, scrolling patterns, data entered in forms, IP addresses, and more.
This data collection takes place for all users even if they don't have a Facebook account. However, for Facebook users the collected data is linked to their account for deeper correlation.
Because the Meta Pixel is installed on numerous sites, users will be tracked and targeted with specific ads on multiple internet locations.
A recent investigation by The Markup found Meta Pixel in 30% of the top 80,000 most popular websites, including several anti-abortion clinics and other healthcare providers.
The lawsuit claims that Meta’s tracking code is present on 33 websites of the top 100 hospitals in the United States, and in seven cases, the code runs beyond password-protected patient portals.
According to the complaint, the 33 hospitals found to have the Meta Pixel collectively admitted over 26 million patients and outpatient visits in 2020 alone.
Privacy violation
In examples in court documents, patients received targeted advertisements on Facebook and also over email, promoting ailments and medical services with no scientific support.
Most importantly, the plaintiffs felt violated as they had never agreed to the collection of sensitive medical data, let alone for it to be used in targeted advertising.
Meta even contains a provision for this in its data privacy policy, stating that its partners (hosts of the Meta Pixel) must have lawful rights to collect, use and share users’ data before handing it over to the advertising giant.
However, as mentioned in the complaint: “Healthcare Defendants do not have the legal right to use or share Plaintiffs’ and Class members data, as this information is protected by the Health Insurance Portability and Accountability Act of 1996’s (“HIPAA”) Privacy Rule, which protects all electronically protected health information a covered entity like Healthcare Defendants “create[], receive[], maintain[], or transmit[]” in electronic form.”
As such, both Meta and the healthcare providers are accused of knowing that their data collection operation was unlawful, yet they continued to do it and concealed it from the tracked individuals.
Meta’s efforts filter out sensitive medical information from the collected data have been proven ineffective, according to both The Markup and the New York State Department of Financial Services that looked into this matter back in February 2021.
In conclusion, the plaintiffs, on behalf of anyone in a similar situation, seek claims for relief relevant to the invasion of privacy, violation of medical information confidentiality, unjust enrichment, breach of contract, Computer Data Access and Fraud Act (CDAFA), and also the Federal Wiretap Act.
Comments
U_Swimf - 1 year ago
Good. Get caught. Now get sued. I wonder if they'll become the next Terrorist organization. They're so rooted into the Internet i could see a digital coo taking place. Oh wait...
lonegull - 1 year ago
We'll soon see Zuckerberg claiming he knew nothing about healthcare data being collected, didn't know the hospitals had access to our data. Getting Deja vu...
ShadowNinja - 1 year ago
Unless they get a really heavy fine that's significantly higher then the money they made with their illegal actions they're unfortunately just going to write this off as the cost of doing business. I hope the courts are able to hit them with a large enough fine to be an actual deterrent.
merc123wp - 1 year ago
I think you mean a tax deduction on their balance sheet.
Bezukhov - 1 year ago
This is cute. Hospital passing data to Facebook. My job is scheduling appointments for several hospitals. I'm under some very strict guidelines. Let's say you call me and ask:
"My grandmother has an appointment today, but I don't know when."
Me: "Sorry, I'm not allowed to give out that information. Can I talk with your grandmother?"
You: "She's 87 years old, extreme dementia and doesn't speak English!".
Me: "I'll try and connect you with that clinic"
Of course, when I dial it's either an answering machine or no one picks up at all.