Children’s Healthcare of Atlanta Sued for Disclosing Health Information to Facebook
Children’s Healthcare of Atlanta is one of the latest healthcare providers to face a class action lawsuit over the use of website tracking technologies. According to the lawsuit, Children’s Healthcare of Atlanta added Meta pixel tracking code to its CHOA.org website and its MyChart patient portal. The tracking code was used by Children’s Healthcare of Atlanta to collect data for marketing purposes and transmitted the collected data to Facebook and was used to serve targeted ads.
The lawsuit was filed in the Superior Court of DeKalb County State of Georgia and alleges the tracking code was knowingly configured to collect user data from the website and patient portal, and that the code transmitted data to Facebook, including sensitive health information such as information about patients’ health concerns, appointment details, and treatments. The information was not anonymous, as it was tied to individuals via identifiers such as IP addresses, Facebook IDs, and browser and device information.
The lawsuit alleges that the addition of the tracking code to the website and patient portal, and the subsequent disclosures of protected health information to Facebook, violated the Health Insurance Portability and Accountability Act (HIPAA) and the Children’s Healthcare of Atlanta privacy policy. The plaintiff, who filed the lawsuit individually and on behalf of her two children, alleges that at no point was she told that Children’s Healthcare of Atlanta would be sharing her and her children’s data with third parties for profit, did not provide her consent, and was not made aware that the data would be provided to Facebook, which the lawsuit described as, “a company with a sordid history of violating consumer privacy in pursuit of ever-increasing advertising revenue.”
The lawsuit alleges the plaintiff and class members have been harmed by the disclosures, including but not limited to an invasion of their privacy rights, and bring causes for negligence, negligence per se, invasion of privacy, breach of implied contract, unjust enrichment, breach of fiduciary duty, breach of confidence, and bailment. The lawsuit seeks damages and other relief that the court deems just and proper. The plaintiff and class are represented by attorneys from the law firms Alonso Wirth; Cohen & Malad; Stranch, Jennings & Garvey; and Turke & Strauss.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
A lawsuit against Seattle Children’s Hospital (SCH) that made similar allegations with respect to the use of Meta pixel was recently dismissed with prejudice by a Washington court. Seattle Children’s Hospital successfully argued that it only transmitted anonymous data to third parties, stated disclosures of anonymous data to third parties in its privacy policy, and that it had not added tracking code to its patient portal. SCH said any identifiable information that was disclosed was due to the plaintiffs using browsers that allowed them to be identified, for which they gave their consent.