• by Wendy Davis  @wendyndavis, May 9, 2023

Meta Platforms is asking a federal judge to throw out a lawsuit by medical patients who allege the company collected their sensitive medical data from websites operated by health care providers.

In papers filed Monday, Meta essentially argues that it isn't responsible for health care providers' alleged misuse of a publicly available tool -- the Meta Pixel.

“This case concerns a relatively narrow issue: the allegation that healthcare providers decided to use a commonplace internet analytics tool to send sensitive health-related information to Meta that Meta never intended, and did not want, to receive,” the company argues in a motion filed with U.S. District Court Judge William Orrick in the Northern District of California.

Meta's filing comes in a class-action complaint brought last year by patients who alleged that Meta tracks their visits to hospital websites, and then monetizes the data collected from those sites.

The patients, who are proceeding anonymously, sued soon after The Markup reported that 33 of the country's top 100 hospitals have Meta's tracking code, the Meta Pixel, on their sites. That code sends Facebook IP addresses of people who use the hospital sites to schedule a doctor's appointment, according to The Markup. 

Meta also potentially can draw on tracking cookies to identify some patients who are logged in to Facebook when they visit a hospital site, according to The Markup.

The patients raised several theories in their complaint, including that Meta misrepresented its policies by claiming that publishers only send data to Meta if they have the legal right to do so.

That statement allegedly was untrue, given that the health sites that allegedly sent data were subject to the Health Insurance Portability and Accountability Act, which prohibits doctors and hospitals from sharing information about patients without their consent.

The complaint also alleges that Meta violated various wiretap and privacy laws, among other claims.

Meta argues in its new papers that all of the claims should be dismissed.

“There is nothing inherently unlawful or harmful about the pixel-based analytics technology at the heart of this case,” the company writes. “This technology helps web developers measure certain actions users take on their websites ... and use that information to grow their businesses and improve online user experiences.”

“Web developers -- not Meta -- choose whether, where, and how they will use the Meta Pixel,” the company continues, adding that its “Business Tools Terms” instruct web developers not to send health information.

“It is ultimately the developer, not Meta, that controls the code on its own website and chooses what information to send,” Meta adds.

Last year, Orrick rejected the patients' request to issue an order that would have prohibited Meta from gathering or using patient information obtained from sites of health organizations covered by the Health Insurance Portability and Accountability Act.

Orrick said at the time that the patients raised potentially strong claims, and that the allegations against Meta were “troubling.”

But he also noted that Meta presented evidence it has invested in a filtering system, and that there were too many unknowns to justify an injunction at the time -- including how many hospitals use the Meta Pixel, and how successful Meta's filter is.