Palm Beach Health Network Physicians Group and Palm Beach Gardens Community Hospital are embroiled in a class action lawsuit concerning the alleged use of Meta Pixel tracking code on their patient portal. Filed by Ron Prosky, a patient, the lawsuit contends that this tracking code collected sensitive data, including appointment details, medical test results, diagnoses, and search queries. This data was then allegedly transmitted to Meta and made accessible to advertisers, enabling targeted advertisements based on the patients’ private health information. This practice purportedly violates HIPAA regulations and was not disclosed in Palm Beach Health’s privacy policy.
The lawsuit, Prosky v. Palm Beach Gardens Community Hospital, Inc. et al, was filed in the Florida Southern District Court. Prosky asserts that the information collected through the Meta Pixel tracking code could be linked to individuals via identifying data such as IP addresses. After accessing the patient portal, Prosky claimed he received targeted advertisements related to his disclosed health information, underscoring the invasive nature of the data collection. The HHS’ Office for Civil Rights has issued guidance stipulating that tracking technologies on healthcare websites can only be used if patient authorization is obtained or if it is permitted under HIPAA with an appropriate business associate agreement, conditions that Palm Beach Health allegedly did not meet.
In response to widespread concerns, the Office for Civil Rights updated its guidance on HIPAA and website tracking technologies in December 2022. This update was aimed at clarifying the legal boundaries for using such technologies in healthcare contexts. Despite this, several HIPAA-covered entities, including Kaiser Permanente, have reported Meta Pixel-related data breaches. Notably, the New York Attorney General settled a similar case with New York Presbyterian Hospital for $300,000, resolving violations of HIPAA and state laws related to the use of tracking tools.
This lawsuit highlights the critical need for healthcare organizations to scrutinize their use of tracking technologies and ensure compliance with privacy regulations. As the legal landscape evolves, maintaining transparency with patients about data collection practices and securing explicit authorization for the use of tracking technologies are essential steps in safeguarding patient privacy. Palm Beach Health’s case may set a precedent for future legal actions and regulatory scrutiny in the healthcare sector.
