Lawsuit Accuses Cedars-Sinai Hospital Website and App of Illegally Sharing Patient Data with Meta, Google, and Others
A proposed class action lawsuit was filed against Los Angeles-based Cedars-Sinai Health System and Cedars-Sinai Medical Center. The suit which was filed on February 3rd by plaintiff John Doe accuses the hospital system of sharing private patient information with tech giants including Google, Meta, and Microsoft Bing.
The lawsuit was brought on by John Doe after he noticed targeted ads related to health concerns about a health condition he researched while on the hospital's website and application platform. After noticing these targeted ads, the plaintiff was able to determine that the targeting was likely due to his interaction with the hospital's patient portal system.
The patient portal system is offered through a website and application that allows patients to log into their patient portal and research different medical conditions, symptoms they're experiencing, and physicians who can treat their health issues. After logging into his patient portal, Doe began noticing an uptick in targeted health-related ads while he navigated his Facebook page.
The lawsuit accuses the hospital of using Microsoft Bing and Google Analytics tracking codes that allow user data to be tracked. Specifically, the lawsuit points to Cedar-Siani’s use of Meta Pixel, a piece of code that is embedded and able to analyze how Facebook users interact with information online. That collected data is then used to target users with specific ads generated based on previous website usage.
After patients logged on to the patient portal, they were under the false impression that protected health information and personally identifiable information were secure in the hands of Cedars-Sinai's digital platform. Instead, the lawsuit accuses Cedars-Sinai of taking the exact opposite approach and sharing that private information with the globe's leading marketing and social media platforms.
The lawsuit also accuses Cedars-Sinai of knowingly embedding tracking code on its website and application for the sole purpose of sharing patient data with these marketing entities. The lawsuit explains, “Cedars-Sinai’s goal in installing the tracking code was not to provide any benefit to its patients but only to itself. Cedars-Sinai installed the tracking code to obtain insight about how its patients and potential patients use its Website.”
The lawsuit goes on to accuse Cedars-Sinai of violating a variety of laws and regulations that were established to protect patient privacy. The lawsuit cites violations of the California Invasion of Privacy Act among other state laws and regulations.
Under the California Invasion Privacy Act, it is against the law for entities or individuals to illegally record conversations (including phone conversations) without the consent of all individuals involved in the conversation. This law was essentially designed to make wiretapping illegal and is a main pillar in the lawsuit filed against Cedars-Sinai. As the lawsuit describes it, "This code served as real-time wiretaps on patients' communications."
Cedars-Sinai has not publicly commented on the lawsuit; however, they did share a statement with ABC News explaining, "We will continue to follow regulatory guidance in this area while striving to provide the best website experience for people searching for healthcare information and treatment options."
