Duke Health said a lawsuit claiming its patient portal shares patient data with Facebook should be tossed because the patients haven’t shown their privacy was violated, according to a motion filed this week.
Kim Naugle and Afrika Williams sued Meta, parent company of Facebook, Duke University Health System and WakeMed on September 1, alleging the health systems violated their privacy by using Facebook’s pixel tracking tool, and transferring patient data between private patient portals and Facebook.
In the lawsuit, the two patients claimed the pixel tracking tool is being improperly used on hospital websites because it directs people trying to use the hospital’s patient portal to sign in through their Facebook account. The patient portal allows people to schedule appointments and communicate with providers.
In a statement provided by a spokesperson via email, the university said that it values the privacy of its patients’ medical information. “DUHS has investigated the use of the Meta pixel on our website and patient portal and has determined that DUHS did not transmit any of its patients’ protected health information to Meta,” the statement said.
But in its motion to dismiss on Tuesday, Duke University said that even if Williams’ login to the “DukeMyChart” allegedly connected to her Facebook and identified her as a Duke Health patient, this is not enough to support a lawsuit against Duke.
“Williams does not plead the nature of any substantive communications she had on the patient portal or what, if any, medical information or conditions were transmitted to Facebook, or how she was possibly harmed,” Duke countered in its motion.
Naugle did not bring specific allegations against Duke. The university said in a statement that it has completed an investigation and no patient data was shared with Facebook.
Facebook’s pixel technology allows third-party vendors to track patient browsing trends.
“This unlawful transmission and collection of data is done without the knowledge or authorization of the patients, like Plaintiffs, in violation of Defendants’ contracts with their users/patients, as well as in violation of various federal and state laws,” the patients said in their lawsuit filed in September.
The patients claimed, “when they signed into their patient portals, the Facebook pixel secretly deployed on the webpage sent to Facebook the fact that they had clicked to sign-in to the patient portal.”
The lawsuit states that there is no HIPAA authorization to do so, therefore sharing patient info with Facebook violates the healthcare systems privacy promises to patients.
The patients assert that at least 664 hospital systems or medical provider websites share patient data with Facebook via the Facebook Pixel, but Facebook has not confirmed this.
This is one of many cases alleging pixel technology violates patient privacy. Earlier this month, a patient sued Advocate Aurora Health, based in Wisconsin and Illinois, in a class-action lawsuit. The patient claimed his private information was shared with Facebook in a breach that could have affected three million patients and involved pixel tracking data.
Meta did not immediately respond to a request for comment.
Photo: JuSun, Getty Images