Medtronic, the Minneapolis-based healthcare organization, is being sued in a class action lawsuit for using data tracking, which may have resulted in the sharing of sensitive data.
On August 30th, a class action suit was filed on behalf of plaintiff A.H. and other individuals against Medtronic MiniMed Inc. and MiniMed Distribution Corp. The lawsuit alleges that the individuals had personal health information disclosed to third parties via Firebase, Crashlytics, and Google Analytics.
Specifically, affected individuals were users of Medtronic's InPen System, a reusable insulin pen for individuals with diabetes. The pen can be used to deliver insulin, calculate insulin doses, and estimate carbohydrates in meals.
The InPen is Bluetooth-enabled and designed to be paired with a corresponding mobile app. The app is said to automatically record the size and timing of insulin doses.
According to the complaint, information was disclosed to third parties, including the user's name, phone number, email address, date of birth, IP address, and more regarding their medical information.
Medtronic is the newest, but far from the only, company to be facing harsh consequences for the use of data tracking.
After a report was released citing that 98.6% of hospitals use data tracking, the Office for Civil Rights and the Federal Trade Commission have warned many organizations that data tracking leads to serious privacy concerns that may be in violation of HIPAA regulations.
For Medtronic, this marks their first recent legal issue in a long time. The company has been doing exceptionally well, with a new automated insulin delivery system recently approved by the FDA. Its Diabetes unit has led the way in company growth, with a report stating its overall revenue had increased 6.8% year-over-year.
How this lawsuit plays out could affect the future of the pen, and how it is designed to function with its corresponding app.
According to a recent report of the lawsuit, the InPen system collects "a treasure trove of personal data patients communicate in relation to their healthcare, which M[edtronic] secretly mines, transmits, and intercepts for its own benefit, "without obtaining authorization from users.
The lawsuit further said, "Information about a person's health is among the most confidential and sensitive information in society, and its mishandling can have serious consequences, including embarrassment, discrimination, and denial of insurance coverage."
In a recent statement to Drug Delivery Business News, a spokesperson for Medtronic said, "Medtronic has not been served and will review the complaint once we receive it. It's important to note that protecting patient information is critically important to Medtronic. We have strong processes, technologies, and people in place to safeguard and protect our information and systems, the information of our business partners, and most importantly, the privacy and safety of the patients and healthcare providers that use our products."
As the case unfolds, Paubox will be paying attention to how this case, and others involving tracking, are responded to.
With many organizations being accused of sharing data, and many claiming to not be responsible for privacy infringements, Paubox will continue to monitor who is being held responsible.
Related: HIPAA Complaint Email: The Definitive Guide