selling medical data to third parties

Data is one of the planet’s most valuable commodities. The healthcare industry, which generates vast amounts of personal and medical information, is a prime target for data brokers and other third parties seeking to monetize this information.

Lawsuits are now accusing hospitals of illegally selling medical data to those third parties, putting patients’ privacy and security at risk. This issue has become a major concern for healthcare consumers, regulatory agencies, and industry stakeholders.

Talk to a Florida medical malpractice lawyer at Lytal, Reiter, Smith, Ivey & Fronrath if you believe your healthcare provider has violated your rights by sharing your medical information. Schedule a free case evaluation by calling (561) 655-1990 or using our online contact form.

Brief on medical data

Medical data is any information that relates to a patient’s health, medical history, or treatment. This includes a wide range of data, such as medical records, diagnostic reports, test results, and prescriptions.

This information is considered highly sensitive and confidential, and its disclosure is strictly regulated by the Health Insurance Portability and Accountability Act (HIPAA). Healthcare providers have a legal and ethical obligation to protect their patient’s privacy and ensure the security of their medical data.

A pervasive problem

Several recent lawsuits allege that hospitals are selling medical data to third parties in violation of privacy laws such as HIPAA.

The lawsuits claim that hospitals have been profiting from this practice by charging data brokers and other third parties for access. The data is then used for a variety of purposes, such as marketing, research, and insurance underwriting.

To say the problem is pervasive is a massive understatement. According to healthcare industry watchdog The Markup, 33 of the nation’s top 100 hospitals send patient data to Facebook whenever someone accesses their websites to schedule an appointment. They do this through a tracking tool known as the Meta Pixel. Meta is the parent company of Facebook.

“Schedule online”

The Markup reported that when patients hit the “schedule online” button on some of the hospitals’ websites, the sites send the name of the doctor as well as any search terms the patient used to find the doctor. The example mentioned in the article was “pregnancy termination.”

Other types of information sent to Facebook, according to The Markup, included the names of medications patients were using, allergic reaction descriptions, and details about doctor’s appointments. Again, all of this is in clear violation of HIPAA regulations.

Third parties and medical data

The third parties being reported in these lawsuits include data brokers, pharmaceutical companies, insurance companies, and other healthcare-related businesses.

These companies use medical data for their own purposes, such as targeted advertising and risk assessment. In many cases, patients aren’t aware that their data is being sold, and they haven’t given their permission for it to be used in this way.

Consequences of selling medical data to third parties

There are severe consequences associated with hospitals selling patient information. Patient privacy is compromised and personal and medical information could conceivably be used for nefarious purposes, such as identity theft or insurance fraud.

Patients may also be subject to unwanted marketing or discrimination based on their medical conditions or treatment history.

The sale of medical data also undermines patients’ trust in the healthcare system, which can have negative consequences for their health outcomes. After all, if you can’t trust your hospital, how can you trust the quality of the care you’re receiving?

What you can do

If you’re concerned about the privacy and security of your medical data, there are several steps you can take to protect yourself.

  • First, review your medical records and ensure that all information is accurate and up-to-date.
  • Inquire about the hospital’s policies regarding the use and disclosure of medical data.
  • Consider using privacy-enhancing technologies, such as encrypted messaging and secure email, to communicate with their healthcare providers.

In addition, think about getting in touch with an attorney to protect your rights and hold the hospital accountable for their blatant disregard for your privacy.

A group of patients did just that in 2019 and filed a lawsuit against a Massachusetts healthcare system. They alleged the system installed tracking tools on their websites that collected patient data and later shared that data with third parties.

The defendants settled the case for $18.4 million in January 2022.

Worried your medical information might be in the wrong hands? Call us.

Learn more about holding healthcare companies accountable for privacy violations by contacting Lytal, Reiter, Smith, Ivey & Fronrath at (561) 655-1990.