We recently filed a class-action lawsuit against Advocate Aurora Health following an investigation which revealed that private patient data collected by the health organization was being shared with Facebook (now known as Meta). Advocate’s data privacy violations could affect as many as three million patients.
As alleged in the lawsuit, patients use Advocate’s LiveWell online portal to schedule appointments, learn test results and communicate with their health care providers. Unbeknownst to patients, Advocate, through the use of a pixelated code, transmitted protected health information (PHI) to Facebook without patient consent or authorization.
The data privacy violations come in the wake of Advocate’s plans to merge with Atrium Health in a move to expand its footprint into Wisconsin, Illinois, North Carolina, South Carolina, Georgia and Alabama. This merger would boost Advocate Aurora Health’s footprint to 5.5 million patients.
Alistair Stewart, an Advocate patient who filed the complaint, claims that Advocate and Facebook were well-aware that sensitive, personal and private health information of patients was being improperly shared but allowed this conduct to take place anyway. The ‘pixel’ technology allowed third-parties, like Facebook, the ability to monitor and track patient browsing trends to generate revenue from targeted advertising.
“At all relevant times, Advocate and Facebook knew that the Meta Pixel intercepted and disclosed personally identifiable patient information and PHI,” Stewart states in the complaint. “This was evidenced from, among other things, the functionality of the Pixel, including that it enabled Advocate’s LiveWell portal to show targeted advertising to its digital subscribers based on the products those digital subscribers had previously viewed on the website, including certain medical tests or procedures, for which Advocate received financial remuneration.”
The U.S. Department of Health and Human Services has a list of ongoing investigations into healthcare-based data breaches and other privacy violations with hundreds of investigations currently open. The Advocate matter is classified as an “Unauthorized Access/Disclosure.” According to the same database, there are 51 active investigations into the mishandling of patient information in the healthcare system in Illinois from various entities.
If you would like to learn more about how Stephan Zouras LLP can help with remedying violations of your data privacy rights, contact us here.