The lawsuit alleges that Meta, Facebook’s parent company, had access to information about when patients logged into patient portals, when they scheduled appointments and what was put into appointment forms, and data on what providers, specialists and medical condition pages they visited on Jefferson’s website. Patients did not give permission for information to be shared and were not notified of what information would be shared, according to the lawsuit.
Members of the class action said they suspected their information had been shared after they started seeing Facebook ads related to their medical conditions.
Jefferson, in legal filings, denied using Meta Pixel on its patient portals and said that third-party tracking software is used on public-facing websites, but not private medical information.
“The deployment of these tools enabled Defendant to measure browsing traffic, ensure website optimization, and increase awareness of the services offered by Jefferson Health to the community at large,” the system said in court filings. Jefferson declined to comment on pending litigation, it told the Inquirer.
Jefferson Health is just the latest system to face lawsuits around Meta Pixel.
In September, a Georgia federal judge dismissed the class action lawsuit, which claimed Piedmont unlawfully shared patient data by using Meta Pixel on its website and patient portal. The lawsuit argued that Meta Pixel transmitted patient information to Facebook without consent, but the judge ruled that the complaint failed to demonstrate actual damages. In April, a lawsuit against Oakland, Calif.-based Kaiser Permanente alleged that trackers collected and transmitted patients’ names, internet addresses and search terms to tech companies such as Google, X (formerly Twitter) and Microsoft’s Bing. Another lawsuit against the Blue Cross Blue Shield Association also that a website for the federal employees’ health plan sent data to TikTok and other tech companies.
Systems have begun to remove pixel tracking technology from their websites in the wake of the recent lawsuits.
A Bloomberg analysis found that trackers from Meta Platforms’ Facebook were able to access sensitive information such as dates of birth and phone numbers, and partial Social Security numbers on Cigna Group’s pharmacy unit website and UnitedHealth Group’s pharmacy benefit division website. A Meta spokesperson told Bloomberg that advertisers are not supposed to transmit sensitive personal information via the company’s tools and that Meta’s system is engineered to filter out such data when it is detected.
The Federal Trade Commission has fined telehealth companies for sharing user data, and HHS issued guidance that online trackers could violate federal health privacy rules — however, a Texas court ruling limited HHS’ ability to penalize healthcare companies for using trackers.
