Meta Platforms (formerly Facebook, Inc.), University of California, San Francisco (UCSF) Medical Center and Dignity Health Medical Foundation are being targeted in an anonymity-focused class action
“Defendant’s conduct constitutes an egregious invasion of the privacy rights of plaintiffs and class members and violates federal as well as state statute and common law,” her attorneys wrote in the complaint.
Plaintiff, known in the lawsuit as Jane Doe, began receiving emails and seeing on Facebook with her medical care after she scheduled an appointment and used UCSF and Dignity to contact doctors Patient Portal for condition-related targeted advertising. What she didn’t know was that a piece of software called “Meta Pixel” was embedded in their code.
The Meta Pixel, as Meta describes it to potential users, is a “snippet of JavaScript code that allows you to track visitor activity on your website.” UCSF Health in its website privacy statement It does state that they collect personal medical information about their users for a variety of reasons, including to send “product and service information” and “to improve the user experience of the UCSF Health website,” although the statement also says that unless required by law, the health system Personal information will not be shared “without your consent.”
UCSF Health’s policy also acknowledges that they “may” use third parties, including the “Facebook Pixel,” to collect information from websites, stating that “these companies collect information from the UCSF control or management. “
The only way to opt out of this data collection is to go to Facebook’s website and change the privacy settings.
Also, these policies only apply to consumer-oriented The user’s website, which is separate from the patient portal MyChart, where more private data is stored, such as health records, test results, and di unaware. MyChart’s privacy policy states “The information you provide on this website is protected by federal law” , but additionally directs the patient to Customer Service for more information.
According to the complaint, “When Plaintiff Doe logged into Medical Defendant’s patient portal, there was no indication that the Meta Pixel was embedded Or it would collect her sensitive medical information. “
Meta implies that they are receiving sensitive medical information from those who use their tools – and that this data sharing violates their own policies.
A Meta spokesperson sent MedPage Today a link to their Meta Pixel policy in an email. According to their statement on “Restricted Meta Business Tool Data” page (the meta pixel is one of their “business tools”), “Advertisers should not share with meta business tool data that they know or reasonably should know comes from or about children. 13 years of age, or include health or financial information, or other categories of sensitive information. “
They define “sensitive health information” on another page, which includes information about illnesses, medical conditions, and injuries — which is exactly what the lawsuit claims they did access and use on Facebook Content that sends Doe Ads.
However, Meta’s policy states that they may collect personal contact information from these sites and then match it to a “Meta User Account” – which means Meta Any information collected can be used to find a user’s Facebook account and tailor Facebook ads specifically to that user.
Suit claims Meta Violating its own policy,” not enforced or completely ineffective. They cite documents leaked from Meta in 2021, in which Meta engineers admitted that “we don’t have an adequate level of control and interpretability over how our systems use data.” “
The advertisement that the patient received after she used the portal to receive test results, the diagnosis of her heart and knee condition was very specific and could come from the patient portal itself: from “Dr. Livingwood” One article mentions “the state of your heart.” Another announces “30 seconds for the UpWellness Shop.” Joint Pain Tips ‘Greases’ Bone-on-Bone Knee Pain”. Email ads crept into her inbox, including one about cardiovascular treatment.
“She She was getting a lot of targeted emails, so she created a new email account, different from the one associated with her Facebook account to avoid ads,” Melissa Nafash, J.D., Labaton Sucharow, one of the companies representing Doe, said in a statement to “This is an overwhelming invasion of plaintiff Doe’s privacy, and we look forward to representing her and the presumed class in this important case.” “
The lawsuit also argues that none of the defendants has a right to collect or use, let alone share, sensitive medical information protected by various California laws and HIPAA, saying that “the use and disclosure of Meta discloses protected health information for targeted advertising. ”
A UCSF spokesperson told MedPage Today in an email that they are unable to provide Dignity Health Medical Foundation did not respond to a request for comment in a timely manner.
-
Sophie Putka is a corporate and investigative writer for MedPage Today. Her work has appeared in The Wall Street Journal, Discover, Business Insider, Inverse, Cannabis Wire, etc. She joined MedPage today in August 2021. Follow
