Health care providers divulge patient information to Facebook, other third parties, lawsuits allege
An increasing number of lawsuits are alleging that tracking tools on health care websites and patient portals allow Facebook and other third parties to obtain confidential medical information.
The suits, most of which are in their early stages, may have been precipitated by a December warning by the Federal Trade Commission, according to a story by Law.com on the suits.
The warning said tracking tools that help health care providers learn how patients interact with their sites may collect information that should not be shared with vendors and other third parties. The disclosure could violate the Health Insurance Portability and Accountability Act, the warning said.
Patients can’t sue under HIPAA, so the suits generally rely on state privacy laws, according to Law.com.
A prior Law.com story on a privacy suit filed against Advocate Aurora Health in Milwaukee explains how websites disclose patient information.
Some hospitals use a third-party computer code, such as a “Meta pixel,” to track visits to their websites and portals used by patients to schedule appointments and view their health information.
The code allows websites, such as Facebook and Google, to intercept patients’ website communications and use the data for personalized advertising, according to a proposed class action suit against UMass Memorial Health Care posted at ClassAction.org.
At least 664 hospital systems use the Facebook pixel that allows the social media company to receive patient data, according to allegations in some suits cited by Law.com.
Another example of alleged misuse of data is cited by the FTC in a proposed settlement with an online counseling service called BetterHelp.
The FTC has proposed that the platform pay $7.8 million to consumers to settle allegations that BetterHelp disclosed consumers’ email addresses, IP addresses and health questionnaire information to Facebook. The information was used to target similar consumers on Facebook with ads for BetterHelp’s counseling services, the FTC said.
BetterHelp also placed no limits on how third parties could use the information, allowing Facebook and other third parties to use the information for their purposes, the FTC alleged.
Baker & Hostetler has represented many of the suit defendants, including UMass Memorial Health Care. In a notice of removal in that case, the law firm noted that there is no allegation that the hospital discloses names, Social Security numbers, diagnoses, birthdates or similar information to the third parties. The other information allegedly disclosed is not the type of protected health information as defined by HIPAA, the firm said.
The suit also says the federal government has incentivized providers participating in Medicare and Medicaid to offer patients online access to their medical records “and to optimize patient engagement with their medical information.” The suit should be removed to federal court because the suit challenges federally directed conduct, the notice says.
Law.com spoke with Stacey Tovino, a professor at the University of Oklahoma College of Law, about the suits.
The new suits are “not a sure thing,” but they are “most certainly” not frivolous, Tovino told Law.com.