Judge allows class action case against Meta to move forward

Meta moved to dismiss a class action claim against their use of the Meta Pixel. The judge said the case is allowed to move forward. 

What happened

Over a year ago, a class action lawsuit was lodged against Meta alleging that tracking by the Meta Pixel violated patient privacy. The case was formed partly due to a report released by The Markup, which found that the Meta Pixel was being used on hospital websites across the country. 

The report found that the Meta Pixel was collecting a broad range of data, including patient names, medical conditions, and appointment dates. 

Meta has maintained that their use of the Meta Pixel is lawful, claiming that it's used to help hospitals track effectiveness, does not significantly infringe on privacy, and that hospitals using the pixel should be held liable if needed. 

Ultimately, the tech company filed a motion to dismiss the case in May. 

Go deeper: 

• Meta claims hospitals are to blame for Meta Pixel HIPAA violations
• HHS and FTC issue stern warning on online tracking in healthcare
• 98.6% of hospitals use tracking that puts patient privacy at risk

What's new

U.S. District Judge William Orrick III held a hearing last week to determine if the case would be dismissed. 

Judge Orrick III determined in an order prior to the hearing that privacy violations claim based on the Wiretap Act would move forward. He also advanced larceny, the California Invasion of Privacy Act, and unjust enrichment claims.

Not all claims were advanced. Some, including the Unfair Competition Law, claims Consumer Legal Remedies Act claims, and more, were dismissed by Judge Orrick III. 

What they are saying

According to the Courthouse News Service, Meta's attorney Lauren Goldman claimed hospital web developers are responsible for any privacy infringements, saying, "Meta explains to web developers exactly how to meet their obligation to avoid sending sensitive data to Meta."

Goldman also said, "There's no statutory or common law doctrine that would allow the plaintiffs to impose liability upon Meta for the decision of third parties to send Meta data that it doesn't want, that it has contractually barred them from sending in."

One of the attorneys on the plaintiff's side, Jay Barnes, said that Meta needed to have conveyed clearly that the data should not be sent to them, "One way to prove it would be to show specific warnings to health care providers saying 'we don't want this data, stop sending it to us.'" 

The big picture

The case continues to highlight patient privacy and the shared responsibility between hospitals and third parties to protect data. 

When it was revealed in the spring of 2023 that 98.6% of hospitals use third-party tracking, it drew a critical eye to privacy regulations. Many claim that strong federal privacy regulations are needed to prevent third-party tracking. 

Hospitals and other healthcare organizations should pay close attention to the Meta case, which could set a precedent for cases to come. 

Related: HIPAA Compliant Email: The Definitive Guide