WakeMed hit with yet another lawsuit over patient data leaked to Facebook
For the second time this week, WakeMed has been sued for sending patient data to Meta via a digital tracker on its website.
The newest lawsuit, filed this week in Wake County Superior court, claims the health system sent protected health information to Facebook’s parent company without patient consent, violating state and federal laws and its duties as a health care provider to keep patient data confidential.
A spokesperson said WakeMed does not comment on ongoing litigation.
WakeMed sent a letter last month to about 495,000 patients, including lead plaintiff Trace Weddle, warning them that their health data — like medical conditions, prescriptions and contact information — might have been shared with the advertising giant.
A “Meta pixel” was installed on the health system’s appointment scheduling page and on its password-protected patient portal in 2018 to collect data on the demographics, interests and behaviors of visitors to WakeMed’s websites, the letter to patients read.
Meta markets the pixel as a way for companies to track the effectiveness of targeted advertisements, by following the users’ online activity after seeing the ad in question.
WakeMed — which serves hundreds of thousands of patients a year — removed the pixel in May after being contacted by The Markup, a technology investigative news outlet that originally reported the data leak.
The personal health data collected from WakeMed’s websites was sent along to the advertising giant along with an IP address, which could be used to trace the health data back to a specific individual or household, according to the Markup investigation.
The lawsuit also claims that WakeMed downplayed the seriousness of the data breach and extent to which it used “Meta pixel.”
In the letter to patients, WakeMed said it installed the pixel to “better connect members of our community with WakeMed’s MyChart patient portal” and by extension improving their access to health care.
“WakeMed’s claimed purpose in implementing the Meta Pixel is not at all consistent with what Facebook has stated is (the clear purpose) of Meta Pixel: to collect individuals’ information for ad targeting purposes,” the complaint reads.
Tom Wilmoth, the attorney who filed the suit, said WakeMed glossed over how Meta used the patient data.
“The big question for all the people affected by this was, Well what happened to it then?” he said in an interview with the N&O. “This was going on for over two years — I doubt Meta just sat on that info.”
Another class action lawsuit filed in federal court a week ago similarly claimed that WakeMed unlawfully disclosed the plaintiff’s personally identifiable information and protected health information without her consent.
A third similar lawsuit against Meta, WakeMed and Duke Health was filed in September.
Teddy Rosenbluth covers science and healthcare for The News & Observer in a position funded by Duke Health and the Burroughs Wellcome Fund. The N&O maintains full editorial control of the work.
