Lawsuit alleges Commonwealth Health shares private patient information with Facebook
- Oops!Something went wrong.Please try again later.
Feb. 27—Commonwealth Health System allows Facebook to secretly access confidential information of patients who use the health system's website to search for physicians and conduct other routine business, according to a proposed class-action lawsuit.
The lawsuit, filed by Philadelphia attorney George Bochetto and several other attorneys, claims the health system discloses information via a digital tracking tool embedded in its website that transmits information regarding searches users conduct.
"While most users believe that the internet provides them with anonymity when, for example, they browse a hospital website for treatment information about a medical condition, that is not the case when the hospital website has embedded third-party tracking devices, as Commonwealth Health has," Bochetto says in the suit.
The lawsuit joins a number of similar lawsuits filed against hospital systems nationwide that also allegedly use a tracking tool — known as a "pixel"— that Facebook's parent company, Meta, developed.
The alleged confidentially breaches came to light in June, when the Markup, a nonprofit investigative news organization, reported it discovered 33 of 100 hospitals it tested nationwide embedded Meta's pixel on their websites.
The lawsuit, filed by a woman under the pseudonym "Jane Doe," names the corporate parent companies of Moses Taylor Hospital, Regional Hospital of Scranton and Wilkes-Barre General Hospital, collectively trading as Commonwealth Health. Facebook is not a defendant. The case was initially filed in Lackawanna County Court. The health system recently filed a motion transferring the matter to federal court.
In an email, Annmarie Poslock, spokeswoman for the health system, said it "takes its responsibility to guard patient privacy seriously, but because it is our general practice not to discuss pending litigation, we don't plan to comment on the lawsuit at this time."
According to the suit, the tracking device captures user interactions with the health system's website, including queries they type in the site's search bar, and immediately transmits the information to Facebook.
"Knowing what information a patient is reviewing on Commonwealth Health's Website can reveal deeply personal and private information," the suit says. "For example, a simple search for 'pregnant ... allows Meta Pixel to capture that search term and tell Facebook that a patient is likely pregnant."
The tracker also reveals information on other interactions with the site, including when a patient searches for or schedules an appointment with a physician. That can provide information on their health condition, based on the physician's specialty.
Facebook is able to identify the user by the IP address — a number that identifies each computer connected to the internet — and then shares that data with others who use the information to target ads to them based on the content of their searches.
The suit says Commonwealth Health benefits because it has access to the tracker's analytical tools, which provide the health system information it uses for "advertisement purposes, sale or trade for services from third parties."
The suit says several other health systems found to use the tracking device have stopped using the tracker and have notified patients their information was shared.
Commonwealth Health "has done nothing," the suit says. It continues to collect and transmit the information "despite widespread knowledge in the health care community that such collection and disclosure ... is patently illegal and a violation of patients' fundamental privacy rights. "
The suit seeks damages on five counts, including invasion of privacy, breach of confidentiality and violation of the Wiretapping and Electronic Surveillance Control Act. It asks a judge to order the health system to halt the data collection and to award compensatory and punitive damages to the lead plaintiff and anyone affected by the alleged privacy breach.
Contact the writer:
tbesecker@timesshamrock.com; 570-348-9137;
@tmbeseckerTT on Twitter.
