Our Cyber Security Partner, Tokio Marine, has released the
following important notice regarding organizations using Meta Pixel (an online
marketing tool from Facebook used by many healthcare practices) and its
potential unauthorized disclosure of personally identifiable information (PII) and
protected health information (PHI). Please see below:
We’re seeing hundreds of healthcare providers and other
businesses targeted by class action lawsuits across the country, alleging
the unauthorized disclosure of personally identifiable information (PII) and
personal health information (PHI), and seeking civil damages for each
disclosure. PII and PHI were gathered through the use of a tracker called Meta
Pixel. Potential exposure from this litigation may be significant, and we
wanted to be sure you are aware. Recently, a class action against a
healthcare organization in the Northeastern United States alleging unauthorized
disclosure of PHI, in part because of the Meta Pixel, resulted in a settlement
of $18.4 million.
In addition to the exposure organizations may face from
class action lawsuits, breach notifications and regulatory enforcement may also
cause significant expense. The allegations of unauthorized disclosure of PHI
and/or PII may thus be a violation of HIPAA as well as relevant state privacy laws
prohibiting the unauthorized disclosure of PII/PHI to third parties. In just
the past month, two large health systems have sent data breach notifications to
approximately 3.5 million patients because of Meta Pixel.
We recommend contacting your IT professional to
identify whether any forms or pages on your company website contain Meta Pixel,
and the steps you should take to mitigate the risks noted above.