North Carolina-based healthcare provider WakeMed Health and Hospital is facing a class-action lawsuit for the data breach that took place due to the use of a tracking tool called Meta pixel. The WakeMed data breach exposed patients’ personal identifiable information (PII) and personal health information (PHI) without their knowledge for years. Nearly 495,000 patient data are said to be affected, according to HIPPA Journal post published on October 24, 2022.
The information transferred from the systems of WakeMed to Meta/ Facebook
The lawsuit was filed by plaintiff Trace Weddle who lives in North Carolina and was a patient of WakeMed. According to the lawsuit, the traded information included patients’ names, email addresses, phone numbers, contact information, emergency contact details, IP addresses, online check-in information, medical history, and appointments. WakeMed clarified that the relayed information did not include social security numbers or financial information unless it was entered by the user.
Violation of confidentiality
According to a release by the healthcare provider, Meta Pixel was created by Facebook, now Meta, and it is a tracking mechanism that was installed on the systems of WakeMed in March 2018. The news release which was only published on October 14, 2022, stated the healthcare provider was ‘unable to determine’ whether Meta collected or used the information it received. Meta Pixel was removed from its systems in May 2022. The healthcare provider also clarified that information from the MyChart patient portal may also have been exposed including COVID vaccine status. However, as Meta Pixel was not placed on the mobile app of MyChart, user data sent through mobile devices was not exposed or transmitted to Facebook.
Although this facility was added to enhance the user experience and connect WakeMed to the community by measuring online user activity, it instead took several other pieces of information as well to the servers of Facebook. The lawsuit noted that WakeMed consciously allowed the transmission of data without the consent of its patients thereby violating confidentiality to its patients, the state and federal laws.
As per a report published by the New York-based nonprofit newsroom The Markup, out of the top 100 American hospitals it tested, 33 were using Meta Pixel. This indicates that the data of countless patients from several healthcare providers in the US is still unsafe. The information was susceptible to being used for advertisements and financial gains. The report further stated that as of June 15 this year, six hospitals have already removed the data tracking tool from their websites.