Behind the scenes
These third-party technologies, such as Facebook’s Meta Pixel and Google Analytics, collect user data to develop personalized ads targeted to each individual user. In this case, the software works by sending a data packet to the end-user and Facebook and Google whenever a patient clicks a button to schedule a doctor’s appointment. That data is connected to an IP address — an identifier that’s like a mailing address to a specific computer linked to a specific user or household — that creates a receipt of the users’ information and actions on the internet.
The HFH lawsuit alleges the health system’s website and patient portal, via the third-party software, collected patient information, such as “their past, present, or future health conditions, including, for example, searches for specific health conditions and treatment and the booking of specialized classes or medical appointments with specific physician.” That information was then disseminated to Facebook or Google, allowing the tech giants to know that what medical care the patient was seeking without the patient’s consent, the lawsuit alleges.
“Then, completely unencumbered by any pretense of restriction or regulation, Facebook and Google, in turn, use that private information for various business purposes, including using such information to ‘improve advertisers’ ability to target specific demographics and selling such information to third-party marketers who target those users online," the suit alleges.
The suit also claims HFH used Facebook software to collect and store data on its own servers that it then used for its own marketing purposes, building profiles of patients for retargeting and future marketing efforts. It also alleges HFH used the patient data to create targeted advertising tailored to the patients’ specific medical conditions.
Download Modern Healthcare’s app to stay informed when industry news breaks.
Debra Geroux, partner at law firm Butzel Long PC in Troy and a litigator who has defended organizations against these types of suits, said hospitals have legitimate reasons to use the Facebook and Google software and can do so without violating laws.
“You can have analytical tools on your platforms, it’s relevant information, but the question is what you’re doing with that information,” Geroux said. “There is a legitimate reason why they would want to have that tracking technology. It allows them to know where their patients may be coming from so they can have resources in that geography or whether they need to expand their offerings to cover certain patients. It’s only a problem when they share that information with Meta or Google for use in advertising that it becomes problematic.”
The federal government has issued warnings to the healthcare industry about the use of tracking software in recent years.
In December 2022, six months after The Markup article was published, the Office for Civil Rights at the U.S. Department of Health and Human Services issued a bulletin telling health care organizations that using tracking software violates HIPAA.
It's unclear whether HFH maintained use of the software after DHHS issued its original bulletin in 2022 and whether it uses it today. Coulson nor HFH commented on whether the technology was still in use today.