On Dec. 19, a federal judge permitted a lawsuit to proceed with four claims against Microsoft and Qualtrics related to the two companies' acquisition of private health data from Oakland, Calif.-based Kaiser Permanente patients.
The original lawsuit, filed in May, alleges that Microsoft and Qualtrics violated the privacy rights of Kaiser patients under HIPAA. The anonymous lead plaintiff alleges that the companies used pixel codes on Kaiser's patient portal to collect information about her search history, healthcare appointments, medical records and communications with physicians.
The plaintiff says this was done without obtaining consent from website users, according to the original lawsuit.
Microsoft denied these claims, stating that its tracking service prioritizes privacy by requiring website operators using the code to adhere to consent requirements and by disclosing Microsoft's user data collection through the operator's privacy policy. Microsoft also cited Kaiser's public privacy statement, asserting that Kaiser records data from website users and may disclose personal information to third parties to improve business activities.
Qualtrics also emphasized that it doesn't sell user data or use it for advertising. Qualtrics additionally argued that the Kaiser data is anonymous due to a randomized alphanumeric string assigned to all users.
U.S. District Judge John C. Coughenour's ruling on Dec. 19 dismisses claims of computer fraud, statutory larceny, conversion and two counts under the California Invasion of Privacy Act related to intentional wiretapping. Remaining claims include unjust enrichment, invasion of privacy, violations of California’s Unfair Competition Law, and the state's constitutional right to privacy.