A Marion County judge has scheduled a status briefing on a proposed class action lawsuit filed against Columbus Regional Health for alleged data privacy violations, while the hospital continues to contest the lawsuit in state court. A federal appeals court is considering whether the case should be litigated in the state. Federal court.
Marion County Superior Court Judge Christina R. Kleinman last week asked plaintiffs' attorneys “to address the orderly progression of this matter,” according to court filings. A status conference in Superior Court No. 1 was scheduled to be held on April 5th.
The lawsuit, filed on documents in Indiana Commercial Court in Marion Superior Court 1 in Indianapolis, alleges that CRH collects information about patients and that companies such as Meta, Google, Microsoft, Adobe Inc., DoubleClick, Marchex and others It claims to have embedded tracking technology on its website that it shares with companies. “Other possibilities exist,” according to the amended complaint filed in January.
This includes the content you search for on CRH's website, the buttons you click, the forms you submit, the events you register for, when you visit the patient portal and pay your bill, the terms you search for, and the doctors you search for. It is said that says the complaint.
The complaint further alleges that CRH's use of this technology violates HIPAA, the federal Patient Privacy Act, Federal Trade Commission standards, and the Indiana Deceptive Consumer Sales Act.
Columbus residents and CRH patients Brian and Annie Elkins are named as plaintiffs in the lawsuit. Annie Elkins was identified in the original complaint as a former CRH employee. The lawsuit proposes a class consisting of Indiana residents whose personal information was disclosed by CRH through tracking technology without authorization.
“When Plaintiffs and Class Members used Defendants' websites and online platforms, they believed they were communicating only with trusted health care providers,” the amended complaint states. “Defendants unknowingly embedded pixels from Facebook, Google, Microsoft, Adobe, DoubleClick, and Marchex into their websites and online platforms that provided Plaintiffs and Class Members with private details about their treatment. They secretly forced me to send it to a third party without my consent.”
The lawsuit has bounced back and forth between state and federal courts since it was filed in May. CRH alleges, among other things, that the complaint contains alleged violations of federal privacy standards and is seeking to have the case transferred to federal court, according to court records.
Lawyers representing CRH said in a court filing that the hospital system did not violate federal privacy standards and that “the specific information allegedly 'disclosed' falls outside the scope of protected health information.” He said he plans to argue in federal court.
However, a federal judge ruled on October 10 that using alleged violations of federal standards as evidence of civil liability under state law does not, by default, confer jurisdiction on federal courts, sending the lawsuit to Marion. The case was remanded to the High Court. court.
In November, CRH appealed the order remanding the case to state court. The hospital system also filed a motion to, among other things, suspend an order sending the case to state court until a federal appeals court rules.
In February, a federal judge rejected CRH's motion, finding, among other things, that the hospital system “is unlikely to face prejudice in state court” and that “any delay here would only benefit CRH.” .
As of Tuesday morning, the appeal was still pending in the Seventh Circuit Court of Appeals.
“There is no harm to either party if the case continues in state court while the remand order is reviewed by the appellate court. The same thing would have happened in either location. Location doesn't matter.” said U.S. District Judge James R. Sweeney II in a Feb. 21 order.
CRH filed another motion in state court earlier this month seeking to dismiss the case on procedural grounds, alleging that the plaintiffs have not complied with state law regarding tort claims against local governments.
More specifically, CRH asserts that the plaintiffs failed to file a notice of tort claim before filing suit or gave the hospital system 90 days to investigate the claim as required by law. He claims that he was not given a grace period. According to the Cornell Law School Legal Information Institute, a tort is an act or omission that causes injury or damage, and the injured party often seeks compensation in the form of monetary compensation. You may be eligible.
The plaintiffs “rather than wait 90 days to file a lawsuit, they filed suit immediately and 90 days later amended their complaint to formally enumerate their theories of tort,” the motion states. No decisions had been made on the motion as of Tuesday morning.
CRH officials declined to comment on the lawsuit, citing the pending litigation.
CRH spokesperson Kelsey DeClue previously said in a statement to The Republic: “To protect the integrity of pending litigation, the Columbus Regional Health Department does not comment on ongoing litigation matters.” . “However, our organization intends to vigorously defend against these claims.”
The charges against CRH come as a growing number of hospitals and health systems across the country face lawsuits for disclosing patients' personal data to big technology companies through tracking technology on their websites and other online platforms. Ta.
The lawsuit primarily concerns the use of tracking technology called tracking pixels. A tracking pixel is a computer code embedded on a website that can track and record various personal data about how users interact with her website. The Federal Trade Commission's Office of Technology says you'll need to fill out a form on the website.
Pixels can be hidden from view, and blocking third-party cookies may not prevent them from collecting and sharing information. Companies typically use these to track consumer behavior and target advertising based on online activity.
Many of the lawsuits, including the one filed against CRH, refer to the use of Meta Pixel, a tracking pixel developed by Facebook's parent company Meta.
Meta says the Meta Pixel “loads a small library of functions” that can track visitor activity based on Facebook ads on a website and “match website visitors to their respective Facebook user accounts.” A snippet of JavaScript code.
In court filings, Meta Pixel claims it can track information about visitors' devices, including IP addresses and pages viewed. It can also be configured to track search terms, button clicks, and form submissions.
However, it is unclear how CRH configured these tools or if they even used them at all. Although the original and amended complaints do not specify how the plaintiffs concluded that CRH uses tracking pixels, the amended complaint provides examples of the tools used. Shown.
“Defendants disclosed to Facebook the content patients viewed and the buttons patients clicked. For example, when a user clicked on “Cancer Center” under the “Service Centers” tab of the website, Defendants disclosed to Facebook what content patients viewed and the buttons patients clicked. Report the title, page description, and URL viewed to Facebook, thereby reporting that the individual is seeking cancer treatment. ” the amended complaint states. “…Similarly, when a user loaded Defendant’s “Diabetes Care” page, CRH reported to Facebook that the user was viewing a page about diabetes. Then, if a user submitted a “diabetes referral form,” CRH also shared the event with Facebook. And if the user clicked on a button that said “Read more about our wound care center,” this was also reported to her Facebook. ”
The issue of tracking technology in the healthcare environment has been highlighted by a report in technology publication The Markup that 33 of Newsweek's top 100 hospitals in the U.S., including Johns Hopkins Hospital and UCLA Reagan Medical Center, have Meta Pixels installed. It was revealed in June 2022 after it was discovered that and Duke University Hospital.
The publication said former regulators, health data security experts, and privacy advocates reviewed the report's findings and found that hospitals' use of tracking tools may violate HIPAA. It is said that he did.
In December 2022, the U.S. Department of Health and Human Services stated that website trackers may violate HIPAA and that “regulated entities are not permitted to use tracking technology in a manner that would result in impermissible disclosure.” ' he warned.
“Such disclosures could reveal highly sensitive information about individuals, including their diagnosis, frequency of visits to therapists and other health care professionals, and where the individual is seeking treatment,” HHS said at 12 Said on the moon.
In June 2022, anonymous plaintiffs filed a proposed class action lawsuit against Meta in federal court, alleging that the tech giant violated patients' medical privacy through its MetaPixel tool. The case is currently pending in federal court.
When the lawsuit was filed, plaintiffs' attorneys claimed that Facebook had identified through experts the web properties of at least 664 hospital systems or health care providers in the United States that received patient data via Metal Pixel.
Since then, lawsuits have been filed across the country against Cedars-Sinai Health System in Los Angeles, Rush University Health System in Chicago, U of L Health in Louisville, and LCMC Health in New Orleans.
At least 18 hospitals and health systems are facing similar lawsuits through April 2023, according to Becker's Health IT.