Facebook is facing two lawsuits over a tracking tool that allegedly has been targeting ads to people based on information about their health collected via code in hospital websites, raising concerns over the potential digital gaps in patient privacy protections, Bloomberg Law reported Aug. 10.
One of the suits, filed in the Northern California district of U.S. District Court alleges that the tracking tool, dubbed Meta Pixel, collected sensitive medical information without consent from patient portals for UCSF Medical Center and Dignity Health.
Another suit filed in California federal court, also alleges that the tracking tool has been installed at more than 664 health system and medical provider websites and is receiving private medical data when patients access hospital websites for healthcare providers.
The tool, which allegedly sends Facebook patients' data when people schedule appointments in exchange for analytics about the ads that the health system places on Facebook and Instagram, has raised concerns regarding its HIPAA compliance.
Under HIPAA, covered entities are prohibited from sharing identifiable patient health information with third parties like Facebook, unless consent is given.
The news site The Markup conducted an investigation into the tool and said it had found no evidence that the health systems nor Facebook were obtaining patients' consent.
Facebook's corporate parent Meta said the tool isn't meant to send sensitive health information to the company.
According to Meta, if information such as medical conditions, treatments or mental health status is sent by mistake, Meta Pixel will filter out that information and prevent the data from feeding into ads.
Both suits are seeking compensatory damages paid to consumers.