SACRAMENTO (CN) – A class claims in a Monday lawsuit that one of California’s largest health care providers is secretly sharing patients’ private information to Facebook, Google and other companies.
The class alleges that Sutter Health intentionally included source code on its website that “commandeers” patients web browsers and captures private information when patients use the health care provider’s website to search for a doctor, pay bills or research medical information.
The class claims that this confidential information is collected by third parties, such as Facebook, which use it to “create detailed dossiers” on individuals.
“In effect, defendant provides third parties with a secret and invisible window through which to spy on the communications that the defendant exchanges with its patients,” according to the 27-page complaint filed in Sacramento County Superior Court.
In the computer world, “cookies” are used by retailers and websites to track visits, record user login information and save shopping orders.
The class alleges that Sutter Health, which operates 24 hospitals in Northern California, assigns and shares cookie identification numbers with third parties. The companies then use the numbers to target internet advertisements to Sutter patients or potential patients.
The complaint describes the process as “cookie synching” and notes that Sutter Health patients likely have no clue that their information – including searches on topics such as sexually transmitted diseases, obesity and cancer – is being shared.
“Defendant collects information from Plaintiffs and the Class members and their computing devices for purposes of direct marketing and advertising of products, goods, and services and discloses that information to third-parties such as Facebook,” the complaint states.
The unnamed class members accuse Sutter Health of seven causes of action, including violating California’s Invasion of Privacy Act and the Confidentiality of Medical Information Act.
The patients – represented by Kiesel Law of Los Angeles and Simmons Hanly Conroy in New York – are seeking statutory and punitive damages.
“The data disclosed by defendant to Facebook, Google and others in this case is ‘medical information’ under the Medical Information Act because it includes information derived from defendant regarding its patients’ ‘medical history, physical condition or treatment,’” the complaint states. “Defendant did not receive a valid authorization to disclose plaintiffs’ and class members’ information in any respect.”
Amy Thoma Tan, Sutter Health director of public affairs, said she was “reviewing the case” but declined to comment further on the lawsuit.
California Attorney General Xavier Becerra filed an antitrust lawsuit against Sutter Health in 2018. Becerra claims Sutter Health has prevented insurance companies from offering low-cost plans and causing “excessively high” out-of-network rates on patients. In March, a San Francisco County Superior Court judge denied Sutter Health’s motion to dismiss price tampering claims.