A class action lawsuit has been filed in California against Facebook owner Meta, the Dignity Health Medical Foundation and the UCSF Medical Center, alleging that they illegally collected sensitive healthcare data and used it for targeted ads.
According to the lawsuit, Meta and the hospitals did not inform patients about the data collection. The plaintiffs became aware of the data collection after seeing ads targeted for their specific medical condition on Facebook.
We obtained a copy of the lawsuit for you here.
The data collection was enabled by Meta Pixel, a piece of code injected in many websites that enables data collection, visitor profiling, and targeted advertising. The lawsuit further claims that Meta Pixel is found in 33 websites of the top 100 hospitals in the country. In seven of the 33 websites, Meta Pixel runs in password-protected patient portals.
The plaintiffs note that their privacy was violated because they never agreed to the data collection. Meta’s own data privacy policy states that users of Meta Pixel need legal rights to collect, use, and share users’ data.
“Healthcare Defendants do not have the legal right to use or share Plaintiffs’ and Class members data, as this information is protected by the Health Insurance Portability and Accountability Act of 1996’s (“HIPAA”) Privacy Rule, which protects all electronically protected health information a covered entity like Healthcare Defendants “create, receive, maintain, or transmit” in electronic form,” the lawsuit states.
The lawsuit provided examples of patients receiving targeted ads on Facebook and via email. Some of these ads promoted medical services that are not supported by science.