X

Lawsuits Reveal Health Care Providers Betraying Patients by Sharing Confidential Information with Facebook and Others

confidential information

Many lawsuits are being filed against healthcare providers for allegedly allowing Facebook and other third parties to obtain confidential medical information. The suits are based on claims that tracking tools on healthcare websites and patient portals help healthcare providers learn how patients interact with their sites and collect information that should not be shared with vendors and other third parties. Such tracking tools may violate the Health Insurance Portability and Accountability Act (HIPAA), according to a warning issued by the Federal Trade Commission (FTC) in December 2022.

HIPAA does not allow patients to sue, so the lawsuits rely on state privacy laws. For example, some hospitals use third-party computer codes, such as Meta pixel, to track visits to their websites and portals, which patients use to schedule appointments and view their health information. The code allows Facebook and Google to intercept patients’ website communications and use the data for personalized advertising, according to a proposed class action suit against UMass Memorial Health Care. At least 664 hospital systems use the Facebook pixel that allows the social media company to receive patient data, according to allegations cited by Law.com.

In another example of alleged misuse of data, the FTC has proposed that online counseling service BetterHelp pay $7.8 million to settle allegations that it disclosed consumers’ email addresses, IP addresses, and health questionnaire information to Facebook, which was then used to target similar consumers on Facebook with ads for BetterHelp’s counseling services. The FTC alleges that BetterHelp placed no limits on how third parties could use the information, allowing Facebook and other third parties to use it for their purposes.

Baker & Hostetler, which has represented many defendants, including UMass Memorial Health Care, said in a notice of removal in the UMass case that there is no allegation that the hospital disclosed names, Social Security numbers, diagnoses, birthdates, or similar information to the third parties. The law firm said the other information allegedly disclosed is not the type of protected health information as defined by HIPAA. The suit also says that the federal government has incentivized providers participating in Medicare and Medicaid to offer patients online access to their medical records and to optimize patient engagement with their medical information. The notice says the suit should be removed to federal court because it challenges federally directed conduct.

Join our community of successful legal professionals – sign up for LawCrossing today.

The suits are “not a sure thing,” but they are “most certainly” not frivolous, said Stacey Tovino, a University of Oklahoma College of Law professor.

In conclusion, the increasing number of lawsuits alleging healthcare providers’ misuse of medical data is a cause for concern. Using tracking tools on healthcare websites and patient portals to collect information that should not be shared with vendors and third parties could violate HIPAA and state privacy laws. Patient medical data must be protected, and healthcare providers must ensure that their tracking tools are not misused. It remains to be seen how these lawsuits will play out, but they serve as a reminder that patient privacy and data protection are essential in the healthcare industry.

Rachel E: