Consumer Electronics Daily was a Warren News publication.
Tracked Without Consent

Tenet Healthcare Medical Centers 'Disregarded' Patients' Privacy Rights: Suit

June 27, 2023 by Rebecca Day|Top News

Hospitals and networks in multistate health services company Tenet Healthcare “disregarded the privacy rights of millions of visitors to and users of their websites,” alleges a Friday class action (2:23-cv-05021) in U.S. District Court for Central California in Los Angeles.

Plaintiffs B.K. and N.Z., California residents, and R.P., of Florida, are suing Tenet’s Desert Care Network, including Desert Regional Medical Center, and JFK Hospital in California and Palm Beach Gardens Medical Center in Florida for collecting their confidential and private personal health information (PHI) -- including details about their medical conditions, treatments and providers sought, and appointments -- and then sending it to Facebook without prior, informed consent.

Defendants installed Facebook’s Meta Pixel tracking tool on their websites to intercept and send plaintiffs’ private information to third parties such as Facebook and Google, the complaint said. The Pixels track users as they navigate a website, logging which pages they visit, each button click and what information they provide on online forums, the complaint said. Pixels send information to Facebook via scripts running in a user’s internet browser so each data packet is labeled with an IP address that can be used with other data to identify a particular household, it said.

When users also have a Facebook account, the IP address is linked with their personal Facebook ID, which the social media platform uses to identity individuals, the complaint said. Plaintiffs using the healthcare sites’ websites thought they were communicating solely with their trusted healthcare providers and their PHI was secure, but in exchange for installing the Pixels, Facebook provides the healthcare sites “analytics about the advertisements they have placed,” plus tools to target people who have visited their sites, it said.

Information tracked via Meta Pixels includes health conditions such as diabetes, AIDS or COVID-19 diagnoses, allergies, procedures and test results, said the complaint. Plaintiffs had their PHI “harvested by Facebook” without their consent when they entered their information into the healthcare companies' websites, and they continued to have their privacy violated when their private information was used “to turn a profit” via targeted advertising related to their medical conditions and treatments sought, it alleged.

California plaintiffs claim violation of California’s Confidentiality of Medical Information Act, Invasion of Privacy Act and Unfair Competition Law, plus larceny/receipt of stolen property, and invasion of privacy under the state's constitution and common law. The Florida plaintiff claims violation of the Florida Security of Communications Act and Deceptive and Unfair Trade Practices Act. All plaintiffs claim invasion of privacy and intrusion upon seclusion, negligence, breach of contract and unjust enrichment.

Plaintiffs seek an order preventing defendants from sharing their private information, a requirement that defendants alert their website users about what information is being shared; a way to opt out for users who don’t want their information tracked; an order requiring defendants to delete, destroy and purge users’ private information; actual and statutory damages; and other equitable relief, plus attorneys’ fees and legal costs.