Did Duke Health breach privacy by sharing patient data with Facebook?

Duke Health said a lawsuit claiming its patient portal shared patient data with Facebook should be dropped because patients failed to show their privacy was breached, according to a petition filed this week.

Kim Naugle and Afrika Williams sued Meta, the parent company of Facebook, Duke University Health System and WakeMed on September 1, alleging that the health systems violated their privacy by using Facebook’s pixel tracking tool and transferring patient data between private patient portals and Facebook.

In the lawsuit, the two patients claimed that the pixel tracking tool was misused on hospital websites because it tricked people trying to use the hospital’s patient portal into logging in through their account. Facebook. The Patient Portal allows people to schedule appointments and communicate with providers.

In a statement provided by a spokesperson via email, the university said it respects the confidentiality of its patients’ medical information. “DUHS has investigated the use of the Meta pixel on our website and patient portal and has determined that DUHS has not passed any of its patients’ protected health information to Meta,” the statement read.

But in its motion to dismiss on Tuesday, Duke University said that even if Williams’ connection to “DukeMyChart” would have logged into her Facebook and identified her as a Duke Health patient, that would not be enough to support a legal action against Duke.

“Williams does not plead the nature of the substantive communications she had on the Patient Portal or what information or medical conditions, if any, were passed on to Facebook, or how she was possibly harmed,” Duke replied. in his request.

Naugle did not make specific allegations against Duke. The university said in a statement that it has completed an investigation and no patient data has been shared with Facebook.

Facebook’s pixel technology allows third-party vendors to track patient browsing patterns.

“This unlawful transmission and collection of data is occurring without the knowledge or permission of patients, like plaintiffs, in violation of defendants’ contracts with their users/patients, as well as in violation of various federal and state laws “, said the patients. in their complaint filed in September.

Patients claimed that “when they logged into their patient portals, the Facebook pixel secretly deployed on the web page sent to Facebook that they had clicked through to log into the patient portal.”

The lawsuit states that there is no HIPAA permission to do so, so sharing patient information with Facebook violates healthcare systems’ privacy promises to patients.

Patients claim that at least 664 hospital systems or medical provider websites share patient data with Facebook through the Facebook Pixel, but Facebook has not confirmed this.

This is one of many cases alleging that pixel technology violates patient privacy. Earlier this month, a patient sued Attorney Aurora Health, based in Wisconsin and Illinois, in a class action lawsuit. The patient claimed his private information was shared with Facebook in a breach that could have affected three million patients and involved pixel tracking data.

Meta did not immediately respond to a request for comment.

Photo: JuSun, Getty Images