A class action lawsuit accuses suburban Chicago health and hospital company Edward-Elmhurst Health of violating patients' privacy rights by allegedly allowing patient healthcare information to be traced and shared by Facebook's Tracking Pixel software.
Edward-Elmhust operates web portal that allows patients to book medical appointments, locate physicians and treatment facilities and other services, according to the suit filed in Cook County Circuit Court. The company also has a web-based portal, MyChart.
"Unbeknownst to Plaintiffs and Class Members, however, Defendant had embedded the Facebook Tracking Pixel on its Web Properties which automatically transmits to Facebook every click, keystroke and detail about their medical treatment," the suit alleges. "Pixel allows the private information that Plaintiffs and Class Members provide to Defendant to be unlawfully disclosed to Facebook alongside the individual’s unique and persistent Facebook ID."
Edward-Elmhurst "effectively planted a bug on Plaintiffs’ and Class Members’ web browsers and compelled them to unknowingly disclose their private,
sensitive and confidential health-related communications with Defendant to Facebook," the suit states. "Defendant utilized the Pixel and CAPI data for marketing purposes in an effort to bolster its profits."
Patients did not provide written authorization permitting the company to release their information to Facebook nor were they told the information was shared, the suit alleges.
The disclosure violated the federal Health Insurance Portability and Accountability Act (HIPPA) of 1996, the suit contends.
"Lest there be any doubt of the illegal nature of Defendant’s practice, the Office for Civil Rights (OCR) at HHS has made clear, in a recent bulletin that the unlawful transmission of such protected information violates HIPAA’s privacy rule," the suit says.
The practice also violates the Illinois Eavesdropping Statute and the state's Consumer Fraud and Deceptive Business Practices Act, according to the suit.
It seeks an injunction barring Edward-Elmurst from continuing to violate patient privacy rights, plus unspecified actual and punitive damages and attorney fees.
The plaintiffs are represented by Ryan F. Stephan, Teresa M. Becvar and Michael Casas, of Stephan Zouras LLP, of Chicago.