Healthcare providers that collect personal medical information have a legal duty to protect and prevent it from falling into the wrong hands. When they don’t, we make it right.
The use of online tracking technologies, which provide valuable insights into the behaviors of website and mobile application users, are routinely used by businesses across the Internet. These technologies track users as they navigate through a website, logging which pages they visit, which buttons they click and certain information they enter into forms. In exchange for installing the tracking software, third-party platforms (e.g., Facebook and Google) provide website owners with analytics about who is viewing their website as well as tools to target visitors for ad campaigns.
In 2022, investigative journalists published several reports detailing the seemingly ubiquitous use of tracking technologies on hospital, health care provider and telehealth digital properties to surreptitiously capture and disclose their users’ personal health information to various social media companies. For example, The Markup reported that 33 of the largest 100 hospital systems in the country utilized Meta’s tracking tools to identify patients and automatically transmit to Facebook every click, keystroke and detail about their medical treatment.
Information about a person’s physical and mental health is among the most confidential and sensitive information in our society and the mishandling of such information can have devastating consequences. Protecting medical information and making sure it is kept confidential and not disclosed to anyone other than the person’s medical providers is vitally necessary to maintain public trust in the healthcare system as a whole. This kind of conduct is particularly egregious when it is done, as usual, for profit.
Countless lawsuits have been filed against healthcare providers alleging the unauthorized disclosure of private health information to social media companies. Fortunately, federal law provides a private right of action to recover damages from this exact type of conduct.
The Electronic Communications Privacy Act (“ECPA”) of 1986 is a federal statute that prohibits unauthorized interception or disclosure of wire, oral, or electronic communications. The ECPA also prohibits the interception of electronic communications that are used for a criminal or tortious purpose (such as disclosing protected health information), even if one party to the communication consents to the interception.
The ECPA provides for statutory damages of $2,500 for each person whose rights were violated under the Act.
Our firm is at the forefront of this litigation and has worked vigorously to protect patient’s highly sensitive medical information from being disclosed without authorization, having brought suit against Advocate Health Care, Edward-Elmhurst Health, The University of Chicago Medical Center, and others.
If you believe your private health information was unlawfully disclosed and want more information on your rights, please contact us.