By Jeff Wardon, Jr., Assistant Editor

A Philadelphia man filed a federal class action lawsuit against Jefferson Health, claiming the organization violated his privacy by allowing Facebook’s Meta Pixel to track patient activity on its websites, including a secure patient portal, The Philadelphia Inquirer reports.  The lawsuit alleges that Facebook was able to match private health information with the plaintiff’s social media profile, causing him to see targeted ads for diabetes medications. 

Jefferson Health joins Main Line Health, Redeemer Health and Tower Health in facing similar lawsuits over third-party tracking technologies. These cases question whether such practices violate HIPAA. 

Related: Why Healthcare Organizations are Major Cyberattack Targets

Jefferson Health denies using Meta Pixel on its patient portals and defends its use of tracking on public-facing websites for analytics and marketing.  Jefferson Health’s case has advanced in court, with plaintiffs seeking up to $10,000 per affected individual. 

A JAMA Network study analyzed the privacy policies of hospital websites to assess the way they handled user information and third-party tracking.  

Key findings included:    

• 96 percent of hospital websites shared user information with third parties,    
• 71 percent of websites included a publicly accessible privacy policy,    
• Of 71 privacy policies, 40 — 56.3 percent — disclosed specific third-party companies receiving user information.    

Not only can third-party tracking be a potential privacy concern, but it can also be a cybersecurity concern. This information sharing can be targeted by hackers, which in turn can lead to data breaches.  

Jeff Wardon, Jr., is the assistant editor for the facilities market.