This article is more than 1 year old

US lawsuit alleges tool used by hospitals shares patient data with Meta

Booking appointments and other interactions with hospital portals can lead to some medical details being shared for advertising, class action claims

Social media megacorp Meta is the target of a class action suit which claims potentially thousands of medical details of hospital patients were shared with its Facebook brand.

The proposed class action [PDF], filed on Friday, centers on the use of Facebook Pixel, a tool for website marketing and analytics.

An anonymous hospital patient, named John Doe in court papers, is bringing the case — filed in the Northern District of California — alleging Facebook has received patient data from at least 664 hospital systems or medical providers, per the suit.

"Despite knowingly receiving health-related information from medical providers, Facebook has not taken any action to enforce or validate its requirement that medical providers obtain adequate consent from patients before providing patient data to Facebook," the lawsuit stated.

UK health company EMIS bought by US insurance giant

Health records provider EMIS bought by US insurance giant UnitedHealth Group has agreed to acquire EMIS Group, a UK software company specialising in electronic health records, in a deal set to be worth £1.24 billion ($1.52 billion). EMIS is widely used in UK's NHS and it was the software systems selected by the £10bn National Programme for IT which ran from 2003 to 2011.

The lawsuit alleges: "Facebook monetizes the information it receives through the Facebook Pixel deployed on medical providers’ web properties by using it to generate highly-profitable targeted advertising on and off Facebook."

The plaintiff claims that Facebook also offers the ability to engage in remarketing based on positive targeting, "serving specific ad campaigns to patients based on the specific actions those patients took", or negative targeting such as "ensuring that ads are not shown to users who have taken specific action."

On its website, Meta says: "If Facebook's signals filtering mechanism detects Business Tools data that it categorizes as potentially sensitive health-related data, the filtering mechanism is designed to prevent that data from being ingested into our ads ranking and optimization systems."

Under US law, a health care provider or business associate of a health care provider "may not use or disclose protected health information except as permitted or required by" the Health Insurance Portability and Accountability Act.

However, the lawsuit alleges: "Through its account managers and representatives, Facebook is aware that it is receiving patient data from hundreds of different medical providers in the United States without patient knowledge, consent, or valid HIPAA authorizations."

The complainant is seeking compensatory and punitive damages for breach of contract, violation of the federal Electronic Communications Privacy Act and a constitutional claim for invasion of privacy, among other allegations.

Meta has so far declined the opportunity to comment. ®

More about


Send us news

Other stories you might like