An emerging Seattle-based class-action lawsuit condemns a major hospital for allegedly sharing sensitive patient information with Facebook and associated third parties. The claim puts into question the ethical dimensions of little-known data-monitoring tools that could have devastating impacts.
The litigant, Jacq Nienaber, has accused Overlake Hospital Medical Center of effectively allowing Meta Pixel, and its Conversions Application Programming Interface, to act as a kind of surveillance within its infrastructure.
These marketing tools, commonly embedded in websites to optimize advertisement delivery, have resulted in a significant breach of trust, as intimate health secrets belonging to hundreds of thousands of patients have potentially been siphoned off and shared.
We obtained a copy of the lawsuit for you here.
Ironically, the revelations came to light around the same time the Federal Trade Commission (FTC) and Department of Health and Human Services (HHS) highlighted the severe privacy risks around such prevalent web and mobile app tracking technologies in a joint advisory letter to 130 hospitals and health app developers. The warning stated that ill-guarded tracking tools such as Meta or Facebook pixel and Google Analytics could lead to unwanted implications, including identity theft and discrimination against unsuspecting consumers.
Nienaber’s lawsuit amplifies the cautionary approach of the agencies. It contends that Overlake Hospital not only used the surveillance widgets to increase profitability by encouraging patients to interact more with its digital health platform, but also allowed Facebook’s parent company, Meta and associated marketers to violate patients’ confidentiality by accessing their information.
This far-reaching access could permit third parties to derive knowledge about users’ specific medical conditions, which could include sensitive issues like cancer, pregnancy, HIV, or dementia, according to the lawsuit. Nienaber’s lawsuit underscores that such risks are inherent in Overlake’s corporate ambition to “optimize the delivery of ads, measure cross-device conversions, create custom audiences, and decrease advertising and marketing costs.”
The Facebook pixel, an unnecessary addition that has no bearing on the website’s functioning, arguably serves Overlake’s self-interests at the expense of its patients. Bellevue-based Overlake allowed Meta to automatically and subtly access a wide range of patient details, including the specifics of their symptoms, treatments, and conditions.
“Overlake Medical Center & Clinics is not able to comment on pending litigation,” the hospital said in a statement to Reclaim The Net. “But we can say that we take our responsibility to protect patient information very seriously. We have a robust information systems program that strives to always protect patients’ privacy and follow all regulatory guidelines to ensure patients’ private health information is secure.”