back to article US lawsuit alleges tool used by hospitals shares patient data with Meta

Social media megacorp Meta is the target of a class action suit which claims potentially thousands of medical details of hospital patients were shared with its Facebook brand. The proposed class action [PDF], filed on Friday, centers on the use of Facebook Pixel, a tool for website marketing and analytics. An anonymous …

  1. Doctor Syntax Silver badge

    "UK health company EMIS bought by US insurance giant"

    Parhaps such transactions should require the informed and specific consent of the data subjects.

    1. Anonymous Coward
      Anonymous Coward

      ICO - waste of space

      "Parhaps such transactions should require the informed and specific consent of the data subjects."

      If you're expecting the ICO put forward such a viewpoint then don't hold your breath. Enforcement regime? They've heard of it...

      Currently I'm wrestling with the following ICO madness:

      (a) ICO have confirmed they have no powers to take any action regarding organisations that broke data protection prior to 23/05/2018 (the day GDPR came into effect), even if the personal data unlawfully collected back then is still stored/in use by those organisations today.

      (b) ICO have confirmed they will not investigate a large scale (1.9+ million people affected) unlawful data processing issue as insufficient people (i.e. likely only me as no-one else is probably aware of it) have complained about the issue. They will investigate the misuse of *my* personal data, that is all.

      To use an analogy, that is like someone providing the police *with evidence* of an individual commiting large number of burglaries/muggings/whatever (including of the person who reported it) and the police saying "sorry, we can only investigate *your* burglary/mugging/whatever, regardless of all the evidence you have provided, as none of the other people affected have contacted us"...

  2. alain williams Silver badge

    Publish Zuck's medical information

    That would be a fitting punishment.

    1. MrDamage Silver badge

      Re: Publish Zuck's medical information

      I want to know who provided him with his skinsuit. It's almost realistic.

      1. Matthew "The Worst Writer on the Internet" Saroff

        Re: Publish Zuck's medical information

        It's not Madam Tusseaud's. Their Zuck sculpture is way more lifelike than the original.

  3. Mike 137 Silver badge

    The USA is not alone

    This kind of tracking on medical sites is not new or unique to the USA. It has been widespread in Europe as well.

    1. Captain_Cretin

      Re: The USA is not alone

      Agreed; 2 years ago I caught Dominos Pizza (UK), out; you couldnt get an online payment to process unless you allowed some FaceBook scripts to run.

      Not sure if this was Dominos themselves, or the 3rd party payment system they were using, either way, Dominos no longer gets online orders from me, so even if they eventually fixed the issue, they lost my business.

      This isnt the first time I have had issues with dodgy/sloppy coding in their payment process either.

  4. Anonymous Coward

    Is anyone surprised?

    This is the way Suckerberg works.

    How else is Farcebook going to target erectile disfunction ads?

  5. The man with a spanner

    Its very simple

    As a user of the internet I do not want my medical information readily available and traded, indeed I don't want any of my personal information hijacked and used in this way. It is simply not theirs to have and use.

    Tho ONLY time you should have my information is when:

    You need it for a specific transaction that we are conducting and I freely give it to you.

    I freely publish the information.

    To that end all web sites, web forms etc should by law default to not collecting any of my information or tracking me in any way unless I specifically agree not only to the collection but also to the use the information will be used for.

    Failing the legal laggards getting off their fat arises and doing something useful I want my browser to auto complete ALL the opt outs in the web sites so that my data is safeguarded to my requirements rather than having to maintain a constant battle. Also the browser should nuke all the leaky elements (Facebook pixels etc).

    Where are you Firefox / Brave etc

    1. Alumoi Silver badge

      Re: Its very simple

      No problemo!

      We'll just put a non-skippable page for each and every tracking method we use where you can express your informed consent before you will be able to access the page you were looking for.

      Don't worry, the page will be in plain legalese and you would have to scroll it all the way down before being able to make your choice.

      And, just to make sure you would give your informed consent, we'll add a quick test.

      After all, we wouldn't want to break the law.


  6. Claverhouse Silver badge


    Sounds like the real culprits are not the good people at Meta, nor yet --- to my considerable disappointment, the wretched ad industry --- but the doctors and medical staff who who sling this data at Facebook et al.

    1. EricB123 Silver badge

      Re: Greed

      No, no, no! Doctors are supposed to get "gifts" when they prescribe a specific drug, not patient data.

    2. Horst U Rodeinon

      Re: Greed

      I can't blame the users at these hospitals, i.e., the doctors and medical staff, because administering the systems isn't their responsibility. What group do you suppose that leaves as suspicious?

      1. John Brown (no body) Silver badge

        Re: Greed

        The accountants. because they refused the budget for a proper and safe portal and instead went with "free" because the only "cost" is the patient data.

  7. eldakka

    While I think Facebook is a terrible company founded and managed by a reprehensible person, I doubt this suit has legs. The plaintiff's have a valid complaint, but they are targeting the wrong entity.

    HIPAA is very specific in the entities that are subject to it. Healthcare providers, insurers, and related entities that provide health services. For example, the taxi company that a hospital uses to travel to another hospital wouldn't be covered. And if a hospital revealed HIPAA-protected information to an entity (said taxi driver) who is not subject to HIPAA, the taxi driver would not be breaching HIPAA by repeating that information as they are not a covered entity.

    It is the healthcare providers who are providing this information to FB that are the ones who should be the targets of the suit.

    For reference, see the LegalEagle Youtube video This Video Is A HIPAA Violation! (According to Wrong People) that talks about HIPAA in the context of various people claiming "because HIPAA" as to why they couldn't talk about their vaccination status and other absurd claims resulting from a misunderstanding of HIPAA.

  8. EnviableOne

    for those that are not aware, 90% of GPs in the NHS use either Egton Medical Information Systems (EMIS) Health or TPP's System One and its roughly a 50-50 split

    Anyone using the Patient Access App is using EMIS.

    This is a huge deal, making all EMIS patient data subject to the US CLOUD act.

    1. Anonymous Coward
      Anonymous Coward

      EMIS patient data already on AWS

      "This is a huge deal, making all EMIS patient data subject to the US CLOUD act."

      Did you fail to notice back in 2018 when EMIS moved all the UK patient data they host from their own infrastructure onto AWS? So it is already potentially subject to US law...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like