Palm Beach Health Sued for Alleged Use of Meta Pixel Tracking Code on Patient Portal
Palm Beach Health Network Physicians Group and Palm Beach Gardens Community Hospital are facing a class action lawsuit over the use of Meta Pixel tracking code. The tracking code is alleged to have collected the sensitive data of website users, which was transmitted to Meta and was made available to advertisers. The disclosures allowed targeted advertisements to be served.
The lawsuit, Prosky v. Palm Beach Gardens Community Hospital, Inc. et al, was filed in Florida Southern District Court by Ron Prosky, a patient of Palm Beach Health. Prosky claims that Palm Beach Health added the Meta Pixel tracking code to its patient portal and the code collected information such as appointment details, medical test results, diagnoses, and the searches made by patients on the website. The information collected could be tied to individuals via identifying information such as their IP address. After using the website, Prosky claims to have been served targeted advertisements related to information disclosed on the site.
The HHS’ Office for Civil Rights released guidance on HIPAA and website tracking technologies in December 2022 and updated the guidance this year in response to a lawsuit challenging the legality of the guidance. The updated guidance confirms that these technologies can only be used if authorization is obtained from the patient or if disclosure is permitted by HIPAA and a business associate agreement is in place with the provider of the tracking technology.
The lawsuit alleges that neither of those conditions was met and Palm Beach Health did not disclose in its privacy policy that Meta Pixel was used on the website nor that sensitive data could be collected and transmitted to third parties. Prosky alleged that Palm Beach Health violated HIPAA and knowingly violated patient privacy. The lawsuit seeks damages and punitive fines.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
In mid-2022, a study uncovered widespread use of Meta Pixel and other tracking technologies on hospital websites. Since then, several HIPAA-covered entities have reported Pixel-related data breaches to the Office for Civil Rights, one of the most recent of which was Kaiser Permanent and affected 13.4 million individuals. While the Office for Civil Rights has yet to impose any financial penalties for using Meta Pixel code, the New York Attorney General has settled a case with New York Presbyterian Hospital for $300,000 to resolve violations of HIPAA and state laws by using these tools.
