Our Cyber Security Partner, Tokio Marine, has released the following important notice regarding organizations using Meta Pixel (an online marketing tool from Facebook used by many healthcare practices) and its potential unauthorized disclosure of personally identifiable information (PII) and protected health information (PHI). Please see below:
We’re seeing hundreds of healthcare providers and other businesses targeted by class action lawsuits across the country, alleging the unauthorized disclosure of personally identifiable information (PII) and personal health information (PHI), and seeking civil damages for each disclosure. PII and PHI were gathered through the use of a tracker called Meta Pixel. Potential exposure from this litigation may be significant, and we wanted to be sure you are aware. Recently, a class action against a healthcare organization in the Northeastern United States alleging unauthorized disclosure of PHI, in part because of the Meta Pixel, resulted in a settlement of $18.4 million.
In addition to the exposure organizations may face from class action lawsuits, breach notifications and regulatory enforcement may also cause significant expense. The allegations of unauthorized disclosure of PHI and/or PII may thus be a violation of HIPAA as well as relevant state privacy laws prohibiting the unauthorized disclosure of PII/PHI to third parties. In just the past month, two large health systems have sent data breach notifications to approximately 3.5 million patients because of Meta Pixel.
We recommend contacting your IT professional to identify whether any forms or pages on your company website contain Meta Pixel, and the steps you should take to mitigate the risks noted above.