Governance & Risk Management , Privacy

Judge Denies Motion to Stop Health Data Scraping by Meta

Early-Stage Ruling in Proposed Class Action Privacy Lawsuit Could 'Evolve'
Judge Denies Motion to Stop Health Data Scraping by Meta

A federal judge has denied granting a preliminary injunction sought against Meta to stop the company's Pixel tracking code in third-party healthcare websites from allegedly collecting and disseminating patient information for advertising purposes.

See Also: Using the Netskope HIPAA Mapping Guide

Plaintiffs in a proposed consolidated class action lawsuit in a San Francisco federal court sought the injunction, alleging that Facebook's parent company violated medical privacy laws by obtaining data from its web tracking Pixel tool embedded into patient portals and scheduling apps.

In his ruling on Thursday, U.S. District Judge William Orrick of the Northern District of California said that while the allegations against Meta are disturbing, the plaintiffs "do not meet the high standard required for a mandatory injunction" to be granted.

"To secure a mandatory injunction … plaintiffs need to show 'that the law and facts clearly favor [their] position, not simply that [they are] likely to succeed,''' he wrote.

"Our nation recognizes the importance of privacy in general and health information in particular: The safekeeping of this sensitive information is enshrined under state and federal law," Orrick wrote.

Meta's core defense in the case is that the company has measures in place, including policies and filtering, to address the alleged receipt of sensitive health information scraped by Pixel from websites upon which the tracking code is used (see: Federal Judge Skeptical of Facebook in Patient Privacy Suit).

Meta argues that it would be "unfairly burdensome and technologically infeasible for the company to take further action," the judge wrote.

"In light of the systems in place that Meta has created to block receipt of this sensitive information and the factual uncertainties, it is too early to find that the public interest supports a mandatory injunction," Orrick ruled. But he added, "Of course, my perspective may evolve as the factual record develops in the case."

Controversy Grows

The lawsuit seeks damages and is part of a wave of pressure against Meta regarding its collection and use of medical data. The issue surfaced this summer following the U.S. Supreme Court's decision to overturn precedent guaranteeing nationwide access to abortion. The ruling, known as Dobbs, increased concerns that tech companies track and possibly disclose individual health data to third parties.

Sen. Mark Warner, D-Virginia, wrote to Meta CEO Mark Zuckerberg in October to express concern over the company's ability to use its website tracking tools to obtain sensitive health data, including medical conditions, appointment dates and treating physician names.

So far, at least three healthcare entities have reported their use of Pixel as a HIPAA breach - North Carolina-based WakeMed Health and Hospitals; Advocate Aurora Health, a Midwest health system; and Indiana-based Community Health Network.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.