Advocate Aurora Health has agreed to settle a consolidated class action lawsuit over its use of Meta Pixel and other tracking tools on its website. The tools disclosed personally identifiable and protected health information to third parties and website users without user consent.
In mid-2022, a study by The Markup confirmed that many hospitals were using tracking tools such as Meta Pixel on their websites, and in some cases on their patient portals. These tracking tools collect valuable data on user interactions on websites and web applications and provide insights that allow websites to be improved; however, the tools also transmit user data to the providers of the code. In the case of Meta, that data can be used to serve targeted ads.
Advocate Aurora Health determined that tracking tools had been used that were disclosing sensitive data and reported a data breach to the HHS’ Office for Civil Rights in October 2022 that affected up to 3 million individuals. Advocate Aurora Health said Meta Pixel, Google Analytics, and other tracking tools had been used which may have impermissibly disclosed protected health information. The tools have since been removed from its website, MyChart patient portal, and LiveWell app.
Several lawsuits were filed against Advocate Aurora Health after it issued notifications to the affected individuals. Due to the similarities of the claims, the lawsuits were consolidated into a single class action. The proposed settlement is intended to resolve all claims related to the use of tracking technologies. The settlement has received preliminary approval but is subject to final approval from the court and a final settlement hearing has yet to be scheduled.
Under the terms of the settlement, a $12.25 million fund will be established, 35% of which will cover attorneys’ fees and expenses. Class representatives will be paid $3,500 each as compensation, and the remainder of the settlement will be divided pro rata, with class members eligible to receive a cash payment. Class members include individuals residing in the United States between October 24, 2017, and October 22, 2022, that had some of their personal or health information disclosed to third parties after using the LiveWell app, website, or MyChart patient portal.
Dozens of class action lawsuits have been filed against healthcare providers over the use of Meta Pixel and other tracking tools and Meta is being sued for failing to take action to stop healthcare organizations from using the tools on their websites. The HHS’ Office for Civil Rights released guidance last year on HIPAA and tracking technologies, and along with the Federal Trade Commission, recently wrote to 130 hospitals and telehealth providers warning them about the use of these tools and the potential for impermissible disclosures of covered health data. OCR has already stated that it is actively investigating the use of these tools by HIPAA-regulated entities and the FTC has taken action against GoodRx, BetterHelp, and Easy Healthcare (Premom) over impermissible disclosures of health data to third parties through these tracking tools.