Orlando Health Shared Patient Info With Facebook, Sold to Advertisers, Lawsuit Says
The Orlando Health network of hospitals faces a federal lawsuit after being accused of violating HIPAA rules and sharing confidential patient information with Facebook and other third parties. The suit alleges that Orlando Health utilized tracking software on its website to collect patient data, which Facebook later sold for use in targeted advertisements.
“Information about a person’s physical and mental health is among the most confidential and sensitive information in our society, and the mishandling of medical information can have serious consequences,” attorneys wrote in the class action complaint.
Orlando Health is accused of embedding tracking software, known as the “Facebook Pixel,” on its website for data mining. According to the suit, patients frequently use the hospital network’s website to book appointments, find doctors, and research specific medical conditions. They were unaware that every “click, keystroke, and intimate detail about their medical treatment” was being transmitted to Facebook through the software.
“The information that [the software] sent to Facebook included… the type of medical treatment sought, the individual’s particular health condition, and the fact that the individual attempted to or did book a medical appointment.”
The lawsuit then claims that Facebook sold patient data to third-party marketers for use in targeted advertisements. Those marketers could then “reasonably infer from the data that a specific patient was being treated for a specific type of medical condition, such as cancer, pregnancy, dementia, or HIV.” Marketers allegedly also could “geotarget” patients based upon communications obtained from the “Pixel” software.
The plaintiff filed the lawsuit in federal court and is seeking class-action status, alleging that at least 100 patients had medical and personally-identifying information transmitted to Facebook without their consent.
Screenshots of the website and its code included in the complaint showed an example of one patient trying to book an appointment with their cardiologist. Based upon that interaction with the website, Facebook learned the patient’s name, location, gender, medical issues, and doctor’s name.
“Healthcare patients simply do not anticipate that their trusted healthcare provider will send personal health information or confidential medical information collected via its webpages to a hidden third party – let alone Facebook, which has a sordid history of privacy violations in pursuit of ever-increasing advertising revenue – without the patients’ consent.”
Attorneys for the anonymous plaintiff also warned in the complaint that Orlando Health’s breach of privacy could severely undermine public trust and create more severe health problems for patients.
“If people do not trust that their medical information will be kept private, they may be less likely to seek medical treatment, which can lead to more serious health problems down the road… [P]rotecting medical information and making sure it is kept confidential and not disclosed to anyone other than the person’s medical provider is necessary to maintain public trust in the healthcare system as a whole.”
Other stories you may want to read:
- Miami Hotel Fined $5,000 After Hosting ‘All-Ages’ Drag Show - November 30, 2023
- DeSantis Blasts Trump Over BLM Leader’s Endorsement – ‘Makes Perfect Sense’ - November 30, 2023
- DeSantis Hits Biden for ‘Failing’ Our Troops – ‘He Has Empowered the Iranians’ - November 29, 2023