Hospital Accused Of Selling Patient Data With Facebook 

( A complaint was filed against U of L Health, claiming that it violated federal privacy rules by disclosing patients’ health information to Facebook.  

The Department of Health and Human Services stated in December 2022, warning that the practice may violate HIPAA, the federal statute controlling patient privacy. 

The complaint claims that U of L Health, affiliated with the University of Louisville in Kentucky, installed the Meta Pixel on its patient portal and website so that the advertising firm could benefit from collecting and using patients’ personal information.  

The case was brought in Jefferson Circuit Court on concerns that prescription drug histories and diagnoses were routinely communicated to Facebook (now known as Meta) through computer code, the Meta Pixel installed in the U of L Health website. 

According to research released by the tech journal Markup in June of last year, the Meta Pixel was discovered integrated on the websites of 33 of the top 100 hospitals in the nation. These institutions include Johns Hopkins University, Duke University, and New York Presbyterian Hospital. 

Meta receives sensitive information when a user connects to the hospital website by clicking a button to schedule a doctor’s visit. 

The case states that the declared objective of Meta Pixel is “to gather individuals’ information for ad targeting purposes,” which is at odds with U of L Health’s assertion that it gives Facebook only aggregate data which is entirely anonymous. 

U of L Health spokesperson David McArthur said the organization would not comment on any litigation but that Meta Pixel would not have access to patient’s private medical records via the website. 

The complaint alleges that UL’s online privacy policy specifies that no personal information is shared with other parties. In addition, it states, “We may partner with third-party service providers who may insert cookies, web beacons, or similar technologies on your computer…” to “gather anonymous information about the usage of our website.” 

In this complaint, the plaintiff claims that the defendant violated the Kentucky Consumer Protection Act and the statute against an invasion of privacy, breach of contract, and unjust enrichment.  

The complaint claims that many people might file claims for the same damages caused by U of L Health’s use of the Meta Pixel; hence the case should be certified as a class action.