A federal judge in Florida has rebuffed Orlando Health Inc.’s attempt to escape a class action lawsuit that accuses the healthcare provider of improperly sharing patients’ private information with Meta Platforms and Google. The lawsuit alleges that Orlando Health violated patient privacy by using tracking pixels from the tech giants, enabling them to collect and analyze sensitive health data without proper consent.
The ruling, delivered by the U.S. District Judge, represents a setback for Orlando Health in its efforts to quash the legal challenge early in the process. The plaintiffs, who are former patients of the health system, claim that the data sharing practice violates the Health Insurance Portability and Accountability Act (HIPAA) and amounts to a breach of patient confidentiality.
The suit alleges that the tracking pixels, which are small pieces of code embedded on websites and within apps, transmitted patients’ protected health information to the technology companies. This data includes details about appointment scheduling, medical conditions, and other sensitive information. The plaintiffs contend that this harvesting of data for advertising and analytics purposes was done without informing patients or getting their permission, a direct violation of privacy laws.
Orlando Health had argued that the data shared was anonymized and not subject to HIPAA regulations. However, the judge found the plaintiffs presented sufficient evidence to suggest that the data could be re-identified and therefore did fall under HIPAA’s coverage. This decision means the lawsuit can proceed, and discovery will now move forward, opening the door for patient depositions and document requests. The healthcare provider now faces the prospect of prolonged legal battles and potential financial penalties. The case is being closely watched by privacy advocates, as it could set a precedent for other healthcare providers using similar tracking technologies on their websites and patient portals.
