Meta accused of tracking patient’s sensitive information for targeted advertisement
A class action lawsuit was filed against Meta Facebook in the Northern District of California where a large group of people suffered the same issue from the company and collectively claimed the court to take action against Meta. According to the lawsuit the UCSF Medical Center and the Dignity Health Medical Foundation alleged that organization such as Meta has been unlawfully collecting sensitive healthcare information about the patients solely for advertising.
According to the reports, the said organization collected data from both the medical portals beyond its login walls where sensitive information regarding the patients is usually kept for the hospital to use. The lawsuit stated that neither the hospitals nor Meta took the consent of the patients before transferring details. They realized their data has been transferred from the hospital to Facebook when Facebook started showing specific advertisements similar to the medical condition they have.
According to the data-driven investigation agency the Markup, Meta Pixel is used by more than 80,000 popular websites and several anti-abortion clinics and other healthcare providers. It is believed to have established tracking codes in 33 websites of the top 100 hospitals in the US. Interestingly the tracking codes can access data from even password-protected client information sections on the portals. The Meta Pixel is a piece of code that can be injected into any website to collect data regarding visitors’ profiles for targeted advertisements.
According to the collective that filed the lawsuit, they received targeted advertisements specifically detailing their medical conditions over Facebook and emails. They claim to feel violated by those ads as they never agreed to deliver sensitive information regarding them. However, Meta detailed that they have rights over its data privacy policy stating that its partners can collect data lawfully regarding patient information and transfer it over to the company.
The complaint reads, “Healthcare Defendants do not have the legal right to use or share Plaintiffs’ and Class members data, as this information is protected by the Health Insurance Portability and Accountability Act of 1996’s (“HIPAA”) Privacy Rule, which protects all electronically protected health information a covered entity like Healthcare Defendants “create[], receive[], maintain[], or transmit[]” in electronic form.”
The collective accused both Meta and the hospitals of sharing and transferring sensitive information without the knowledge of the patients.