Children's Healthcare of Atlanta (CHOA), the largest pediatric healthcare provider in Georgia, is facing a class-action lawsuit alleging the illegal sharing of patients' private information with third parties, including Meta (Facebook).
The lawsuit claims that CHOA installed tracking tools on its website and patient portal, exposing private details about patients' medical treatments without their knowledge or consent. CHOA allegedly uses this data for marketing purposes and was used by Facebook for targeted advertising.
What happened
The lawsuit against CHOA sheds light on the alleged misuse of tracking technologies and the unauthorized sharing of patients' private information. By installing Facebook's Meta pixel on their website and patient portal, CHOA is accused of actively facilitating the collection and transmission of sensitive health data to Facebook and other third-party marketers.
The lawsuit argues that CHOA's actions violated patients' privacy rights and breached their trust. Patients trust healthcare providers to safeguard their personal information and would not reasonably anticipate that such information would be shared with hidden third parties, particularly a company with a controversial track record like Facebook.
The backstory
The data breach and alleged privacy violation are estimated to have affected millions of patients. In response, the class-action lawsuit seeks to represent all Georgia residents whose private information was disclosed by CHOA to third parties without authorization through the use of Meta pixel and related technology.
Going deeper
According to the 56-page privacy lawsuit, CHOA used Facebook's Meta pixel, a back-end code configured to track user interactions, to collect and send patients' health information to Facebook. This includes details about medical concerns, appointments, treatments, and doctors. The Meta pixel also gathers additional information such as IP addresses, browser and device details, and Facebook IDs, allowing the company to connect patients' activities with their identities.
The lawsuit contends that Facebook sells this private information to third-party marketers who use it to target patients with online advertisements. Moreover, these third parties could potentially infer specific medical conditions, such as cancer, pregnancy, dementia, or HIV, based on the data shared.
What was said
The filing states, "Healthcare patients simply do not anticipate that their trusted healthcare provider will send their private health information to a hidden third party—let alone Facebook, a company with a sordid history of violating consumer privacy in pursuit of ever-increasing advertising revenue—without their consent."
Why it matters
The lawsuit against Children's Healthcare of Atlanta sheds light on a troubling trend: the unauthorized sharing of patients' private information and the covert use of tracking tools. Such actions violate patients' trust and raise serious ethical and legal concerns.
The alleged installation of tracking tools on CHOA's website and patient portal underscores the potential for the exploitation of sensitive medical data for marketing purposes. Moreover, the purported sharing of this information with third parties like Facebook for targeted advertising proves the need for more transparency and consent in data practices.
Related: OCR updates guidance on online tracking for HIPAA entities
Farah Amod
