Plaintiffs in a consolidated class action lawsuit against Meta recently sought an injunction to make the company stop receiving and transmitting information collected from the web pages of healthcare organizations via Meta Pixel tracking code.
The plaintiffs state that using Meta Pixel code on appointment reservation pages and patient sites allows sensitive data, such as patient communications, to be obtained and monetized by Meta, in violation of federal and state privacy rules. William Orrick, U.S. District Judge for the Northern District of California, recently issued a ruling denying the injunction.
Last summer, The Markup investigated the use of tracking technologies such as Meta Pixel on the sites of healthcare companies and found that 33% of the 100 top hospitals in the U.S.A. had put the code on their sites, several of which had added the code to their patient websites. Meta Pixel can collect any data in HTTP headers, button click details, and form field names. The code was found to be sending patient information to Meta even though Meta had not entered into a business associate agreement with the medical centers.
In the past several months, Novant Health, Advocate Aurora Health, Community Health Network, and WakeMed Health and Hospitals have all reported to OCR impermissible disclosures of patients’ PHI resulting from the use of Meta Pixel and other tracking code on their web pages. Several lawsuits have also been filed against Meta and healthcare organizations over the use of Meta Pixel code and the impermissible disclosure of the information of Facebook users, which the lawsuits assert is being used for marketing purposes without authorization.
The Department of Health and Human Services’ Office for Civil Rights recently stated that the use of tracking technologies on websites is not permitted under the HIPAA Privacy Rule when those technologies obtain and transfer protected health information (PHI), unless the vendor of the tracking technology qualifies as a business associate and a business associate agreement is in place, or HIPAA-compliant patient authorizations are obtained.
Meta has asserted that it has a policy in place that limits the data businesses may send by way of Meta Pixel, and that processes are in place to filter out sensitive information so that it is not passed to advertisers through its ads ranking and optimization solutions. Meta also says that any injunction requiring the company to stop collecting healthcare data would be unfairly burdensome and technologically infeasible.
The allegations against Meta are scary: plaintiffs raise possibly strong claims on the merits, and their supposed injury would be irreparable if confirmed, explained Judge Orrick in his ruling. To get a mandatory injunction, however, plaintiffs have to show that the law and facts clearly favor [their] position, not merely that [they are] very likely to succeed.
Orrick noted that Meta has presented information indicating that the company is doing everything it can to mitigate the issues raised by the plaintiffs, and that, based on the available data, it is unclear where the truth lies. Orrick stated that it is crucial for discovery to show the context of the problems and the possible remedies that could be implemented to address them. Judge Orrick said it is still too early to conclude that the public interest supports a mandatory injunction.