Cedars-Sinai hospital's website shares patient info with Meta, lawsuit claims
Facebook parent could then offer that data to other advertising clients, complaint alleges
Patients of Cedars-Sinai did not want third parties to target them with advertising that may be related to their medical conditions, a would-be class action lawsuit against the Los Angeles teaching hospital says.
The lawsuit [PDF] was originally filed in the California Superior Court before being transferred to a federal court late last week.
The complaint filed by anonymous patient John Doe claims that his and other patients' private data, including medical information, was communicated to Facebook/Meta via the use of the so-called Meta Pixel on Cedars' website. The suit describes Pixel as "a piece of code written by Meta to enable itself and its business customers to track and share data about customer transactions."
The suit goes on to claim that:
While the Pixel was on the website, when a patient entered the following information, the information would simultaneously be shared with Meta:
- The types of medical treatment the patient sought;
- The name, gender, language, and specialty of the physician(s) that the patient specified when seeking treatment;
- The patient's searches relating to COVID-19 information and treatment;
- The locations where the patient sought treatment; and
- That a patient clicked to make a telephone call in order to schedule an appointment through the site.
The suit also claimed that "by installing the tracking code" Cedars-Sinai let marketing entities use patients' private information to target them with advertising by "other, unrelated businesses."
It added: "By way of illustration, if a patient made an appointment with a doctor for treatment of cancer, the tracking code Cedars-Sinai put on its Website conveyed that information to Meta, which in turn allowed Meta to include that patient in marketing target groups that it offered to its other advertising clients who wanted to market to cancer patients."
The suit also takes issue with Cedars' use of Google Analytics and Microsoft's bat.bing, specifically in the context of a website where they enter private and personal information. It points out, for example, that Google's rules for advertisers state that users' "physical or mental health conditions" and "products used to treat them... should not be used in advertising."
- Guess which Fortune 500 brands and govt agencies share data with Twitter?
- Oops, web trackers may have leaked 3 million patients' info
- FYI: TikTok tracking pixels can be found all over the web – just like Meta, Google
- US lawsuit alleges tool used by hospitals shares patient data with Meta
Cedars Sinai declined to comment on pending legal matters.
The suit comes just months after another anonymous Doe sued Meta itself in the Northern District of California, alleging Facebook had received patient data from at least 664 hospital systems or medical providers via the same method – then known as Facebook Pixel.
The Cedars-Sinai Doe is looking for damages, fees, class certification for his lawsuit and an injunction stopping the medical group from sharing further private info without users' permission. ®