Duke Health said a lawsuit alleging its patient portal shared patient data with Facebook should be dismissed because patients failed to show their privacy was breached, according to a motion filed this week .
Kim Naugle and Africa Williams sued Meta, Facebook’s parent company, Duke University Health System and WakeMed on Sept. 1, alleging the health systems violated their privacy by using Facebook’s pixel tracking tool and transferring patient data between private portals for patients and Facebook.
In the lawsuit, the two patients claim the pixel tracker is being misused on hospital websites and redirecting people to log in through their Facebook account so they can log in or out of the hospital’s patient portal to request an appointment or call with a supplier.
In a statement provided by a spokesperson via email, the university said it values the privacy of its patients’ medical information. “DUHS investigated the use of the Meta pixel on our website and patient portal and found that DUHS did not share any protected health information of its patients with Meta,” the statement said.
But in his motion to dismiss on Tuesday, Duke University said that even if Williams’ “DukeMyChart” login allegedly linked to her Facebook and identified her as a Duke Health patient, that was not enough to support a lawsuit against Duke.
“Williams does not address the nature of any material communications she had on the patient portal, or what, if any, medical information or conditions were transmitted to Facebook, or how she may have been harmed,” countered Duke in his proposal.
Naugle did not make specific allegations against Duke. The university said in a statement that it had concluded an investigation and no patient data was shared with Facebook. The patient portal allows people to schedule appointments and connect with providers.
Facebook’s pixel technology allows third-party vendors to track patient browsing trends.
“This unlawful transmission and collection of data is done without the knowledge or permission of the patients as well as the plaintiffs, in violation of the defendants’ contracts with their users/patients, and in violation of various federal and state laws,” the patients said in the lawsuit them, filed in September.
The patients claimed that “when they logged into their patient portals, the Facebook pixel was secretly placed on the web page, sending Facebook the fact that they had clicked to log into the patient portal.”
The lawsuit states that there is no HIPAA authorization to do so, therefore sharing patient information with Facebook violates health systems’ privacy promises to patients.
Patients claim that at least 664 hospital systems or medical provider websites share patient data with Facebook through the Facebook Pixel, but Facebook has not confirmed this.
This is one of many cases in which pixel technology is alleged to violate patient privacy. Earlier this month, patient judges Advocate Aurora Health, based in Wisconsin and Illinois, in a class action lawsuit. The patient claims his personal information was shared with Facebook in a breach that may have affected three million patients and included tracking pixel data.
Meta did not immediately respond to a request for comment.
Photo: JuSun, Getty Images