California Teaching Hospital Settles Meta Pixel Data Breach Lawsuit
Eisenhower Medical Center (now Eisenhower Health), a Rancho Mirage, CA, a nonprofit teaching hospital, has agreed to settle a lawsuit that alleged impermissible disclosure of sensitive patient data to third parties due to tracking technologies on its website.
Like many hospitals, Eisenhower Medical Center had added Meta Pixel and other tracking tools to its website to learn how its website was being used. These tools collect information about website visitors and how they navigate across the website, and generally transmit that information to the providers of those tools, including Meta (Facebook) and Google.
A lawsuit was filed against Eisenhower Medical Center – B.K., et al. v. Eisenhower Medical Center – in the United States District Court for the Central District of California that alleged that Eisenhower Medical Center encouraged individuals to use a variety of digital tools via its website to gain insights into users, improve its return on marketing dollars, and increase its revenue, and that it was aware that data was being shared with third parties, yet failed to obtain consent from users or get their authorization to share their sensitive data.
According to the lawsuit, the information shared with Meta and others included private health information such as medical conditions, treatments, providers, and appointments, based on each individual’s interactions on the website. The lawsuit asserted 14 causes of action including negligence, breach of implied contract, breach of fiduciary duty, unjust enrichment, invasion of privacy under the California constitution, and violations of the California Confidentiality of Medical Information Act, Electronic Communications Privacy Act, California Invasion of Privacy Act, California Unfair Competition Law, and California Consumers Legal Remedies Act.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Eisenhower Medical Center has denied and continues to deny all allegations and claims in the lawsuit and maintains there was no wrongdoing; however, it chose to settle the lawsuit to avoid further litigation costs and the uncertain outcome of a trial.
Under the terms of the settlement, Eisenhower Medical Center has agreed to establish a $875,000 settlement fund to provide class members with cash compensation. The settlement fund covers attorneys’ fees, which will not exceed $288,750, litigation costs up to $20,000, class representative awards ($2,500 for each of the two named plaintiffs), and settlement administration costs. The remaining funds will be divided pro rata between all individuals who submit a claim. Class members include all individuals who logged into the EMC MyChart patient portal and/or submitted an online form and/or scheduled a laboratory appointment on the EMC public website between January 1, 2019, and May 3, 2023.
Eisenhower Medical Center has also agreed not to use Meta Pixel or other tracking tools on its website for at least two years, and should tracking tools be used after that time, an affirmative disclosure will be made about the tools. Eisenhower Medical Center has also agreed to maintain a newly created Web Governance Committee to assess the use of analytics code and website tools to ensure they are compliant with all applicable laws.
