John Doe, the plaintiff, filed the proposed class action complaint, which alleges that Google, Microsoft Bing, and Meta, the parent company of Facebook, were given access to his and other patients’ confidential information, including information about their medical inquiries.
Using tracking code that it incorporated into its website, Cedars-Sinai “sent to third parties portions of the patients’ private contacts with it for the sole purpose of sharing such information with marketing firms,” according to the lawsuit. The communications of patients were wiretapped in real time thanks to this code.
According to the lawsuit, originally reported by The Register, patients at Cedars-Sinai can use either the hospital’s website or its app to log into the patient portal and research symptoms about their medical conditions, about doctors who can treat said conditions, as well as other issues related to their health.
However, the lawsuit claims Cedars-Sinai’s website had Meta Pixel programmed. Meta Pixel is a piece of code that can help identify how Facebook users are interacting with content on a website.
Allegedly, when a patient entered any of the following information types of medical treatment sought; name, sex, language and specialty of a physician; searches related to COVID-19 information and treatment; locations where treatment was sought; or that a telephone was made to schedule an appointment it was shared simultaneously with Meta.
“By way of illustration, if a patient made an appointment with a doctor for treatment of cancer, the tracking code Cedars-Sinai put on its website conveyed that information to Meta, which in turn allowed Meta to include that patient in marketing target groups that it offered to its other advertising clients who wanted to market to cancer patients,” according to the lawsuit.
The lawsuit claims John Doe “has noticed an increase in the number of health-related ads that he has received, and he has received ads relating to the condition about which he communicated on Defendant’s website.”
In a statement to a news channel, a Cedars-Sinai spokesman said the hospital upholds patient privacy but did not comment on the allegations.
“We are unable [to] comment on pending litigation, but we can say that the health and medical privacy of our patients and community are of the utmost importance,” the statement said. “We will continue to follow regulatory guidance in this area while striving to provide the best website experience for people searching for healthcare information and treatment options.”
Meta declined to comment on the lawsuit but pointed reporters to their Business Tools policies that prohibit advertisers from sharing an individual’s sensitive health information.
“We have no statement at this time beyond the allegations plead in the complaint,” Rachele Byrd, managing partner of firm Wolf Haldenstein Adler Freeman & Herz’s San Diego office and one of the attorneys for the plaintiff, told a news channel in an email.
Meta is not the only defendant in the lawsuit. The lawsuit also claims Cedars-Sinai placed tracking codes from Google Analytics and Microsoft Bing on its website to help target website visitors with more personal advertisements.
“Google Analytics is a measurement product that helps businesses better understand their web and app performance businesses own the data collected and can delete it at any time,” a Google spokesperson said in a statement to a news channel. “As a product, Google Analytics was built so that users could not be identified by Google for ourselves or anyone else and data in Google Analytics is obfuscated and aggregated. Additionally, we have strict policies against advertising to people based on sensitive information and take action when a customer violates these terms.”
Microsoft did not immediately respond to reporters request for comment.
This is not the first time Meta has been targeted in a lawsuit for use of its Meta Pixel.
In a proposed class action lawsuit filed in Louisiana last month, patients alleged LCMC Health Systems, based in New Orleans, and Willis-Knighton Health System, based in northwestern Louisiana, shared sensitive medical data without patients’ knowledge or consent.
“We are learning more and more about this shocking breach of trust as our investigation continues,” attorney Stephen Herman, a partner at law firm Herman Herman & Katz, which is representing the plaintiffs in the Louisiana case, told reporters in a statement. “This was a gross invasion of privacy that went on for years.”