Meta Faces Lawsuit For Unlawful Collection Of Patient Data

A class action lawsuit has been filed against Meta regarding the unlawful collection of sensitive patient information via hospital websites. The lawsuit has come days after a report was issued by The Markup, detailing how the tech giant gathered patient data from a third of the top hospital’s websites using an analytical tool called Meta Pixel. The Markup found that the Meta Pixel collected data whenever an individual would click a button to book an appointment with their clinician. The data would be connected to the individual’s IP address, which would then generate a receipt of the appointment and send it to Facebook. The Markup also found the analytical tool within 7 of the hospitals’ password-protected patient portals. 

The lawsuit alleges that Meta’s data collection is in violation of the Health Insurance Portability and  Accountability Act (HIPAA). The case was filed by an anonymous patient of the Baltimore patient of Baltimore’s Medstar Health System and is due to take place in the Northern District of California. The plaintiff is said to be representing millions of other individuals who also had their personal medical data unlawfully disclosed. The plaintiff has claimed to have identified 664 hospital or healthcare provider websites that have provided Facebook with patient data using the Meta Pixel. 

The plaintiff has requested that Meta provide full compensatory and punitive damages to affected individuals on the basis of a breach of contract,  invasion of privacy, violations to digital privacy laws, and several other allegations. The plaintiff contends that “Facebook is aware that it is receiving patient data from hundreds of different medical providers in the United States without patient knowledge, consent or valid HIPAA authorizations”. 

Despite the allegations, Meta has maintained that they have not collected data unlawfully in any capacity. In a statement provided to The Markup, a Meta spokesperson states “If Meta’s signals filtering systems detect that a business is sending potentially sensitive health data from their app or website through their use of Meta Business Tools, which in some cases can happen in error, that potentially sensitive data will be removed before it can be stored in our ads systems”. The Markup was unable to confirm whether Facebook had used the data gathered to create targeted advertisements or recommendation algorithms.