As we discussed in a recent webcast, there has been a surge in litigation focused on companies’ use of Meta Pixel, which is tracking code that enables the sharing of user online activity with Facebook. Recent litigation has alleged that use of Meta Pixel with online videos violates the Video Privacy Protection Act (VPPA). An even more recent variant of Meta Pixel litigation alleges that use of Meta Pixel constitutes wiretapping under federal and state wiretapping laws. These recent cases have focused on hospitals that have enabled Meta Pixel for patient portals and thus allegedly allow Meta to eavesdrop and/or wiretap private doctor-patient communications, allegedly violating HIPAA, state healthcare privacy laws, and a host of other state privacy laws – in addition to wiretapping laws.
A recently filed case, Stewart v. Advocate Aurora Health, Inc. (N.D. Ill), is a good example of this recent trend in Meta Pixel litigation. The case alleges that Advocate configured Meta Pixel to track patient communications through its patient portal, allowing Meta to capture in real time medical information of Advocate patients. The complaint alleges that Advocate recently disclosed the sharing with Meta Pixel under applicable data breach notification laws, which Plaintiff alleges is evidence that Advocate and Meta had not obtained patient consent to the alleged interception/eavesdropping of communications.
The lawsuit asserts claims against Advocate and Meta under the Electronic Communications Privacy Act, which provides liquidated damages of up to $10,000 per person for wiretap violations, the Stored Communications Act (SCA), as well as Illinois state law claims for breach of contract, breach of implied duty of confidentiality, and invasion of privacy. There have been at least half a dozen similar class action lawsuits filed in the past two months against hospitals and Meta under similar theories of liability, and it is likely that plaintiff’s attorneys will file more in the coming months. Indeed, a recent study by Markup asserts that one third of the 100 largest hospitals in the U.S. share patient PHI through their websites with Meta.