Health System’s Use of Internet Tracking Tool Transmitted Sensitive Patient Information to Facebook

BACK TO INSIGHTS Articles

Advocate Aurora Health, an integrated nonprofit healthcare system, alerted its 3 million patient base and the Department of Health and Human Services that pieces of code known as “pixels,” an internet tracking tool, or similar technologies installed on its patient portals, transmitted certain patient information to Meta Platforms, Inc. (formerly known as Facebook), the provider of pixel technology. Aurora explained that sensitive information such as the names of patients and providers, IP addresses, and dates and locations of scheduled appointments were among the information which was transmitted to Meta. Aurora has disabled and/ or removed the pixels from its platforms and launched an internal investigation to better understand what patient information was transmitted.

Although Aurora representatives have stated that the pixels were unlikely to result in identity theft or financial harm to patients, a class action suit was filed against Meta and Aurora on October 28, 2022 in U.S. District Court in Chicago alleging violations of the Electronic Communications Privacy Act, the Stored Communications Act, and the Health Insurance Portability and Accountability Act of 1996 by “knowingly and repeatedly intercepting, accessing and disclosing” personal and sensitive health information.

Related Practices: Healthcare Law

Related Attorney: Lani M. Dornfeld, Caroline J. Patterson, Emily J. Harris

Health System’s Use of Internet Tracking Tool Transmitted Sensitive Patient Information to Facebook

Click here to read the entire November 2022 Healthcare Law Update