Mount Nittany Health, a healthcare provider based out of Pennsylvania, is the latest company to face allegations over third-party tracking.
In early April, a study by Health Affairs revealed that 98.6% of hospital websites use third-party tracking. Tracking is embedded in the websites through pixels in the code, which then releases information to a number of websites, most notably Facebook and Google.
Read More: 98.6% of hospitals use tracking that puts patient privacy at risk.
Since then, hospitals across the country are facing lawsuits over the potential release of sensitive information to businesses that may use it for marketing purposes.
The lawsuit against Mount Nittany Health was filed by two unnamed Centre County residents. Their attorney alleges that sensitive information was disclosed about the patient's medical conditions, medical providers, and location. They allege that the information was given to third parties without their knowledge or consent.
The lawsuit is seeking payment for damages in excess of $1 million.
The continued crackdown on hospitals like Mount Nittany Health shows that patients, legal teams, and government entities are paying close attention to the release of sensitive information. The release of this information by hospitals could be a HIPAA violation.
The Office for Civil Rights (OCR) also released guidance outlining HIPAA compliance concerns regarding third-party tracking and warning of potential fines and penalties if health entities are found to be using it.
In a local news piece, Mount Nittany Health spokesperson Tania Luciow refused to publicly respond to the allegations, saying, "We do not comment on pending litigation."
Attorney Bochetto wrote in the filing that Mount Nittany Health released private data, which "allows third-party advertising companies like Facebook to determine that a specific patient was seeking a specific type of confidential medical treatment." He also wrote that this information would "allow Facebook to reasonably infer that a specific patient was being treated for specific types of medical conditions, such as cancer or pregnancy."
Mount Nittany has yet to release any information on potential data exposures. Still, Attorney Bochetto believes that individuals beyond those he represents could be affected.
With more healthcare entities revealing they use third-party tracking, allegations will likely continue to occur from patients whose health data may have been given to third parties.
Hospitals and others in the healthcare industry should pay close attention to their data protection and consider alternatives to third-party tracking.
Related: HIPAA Compliant Email: The Definitive Guide.