Eisenhower Medical Center has agreed to settle claims that it improperly shared patient data through tracking tools on its website.
Eisenhower Medical Center, now known as Eisenhower Health, has agreed to an $875,000 settlement following a lawsuit that accused the hospital of disclosing sensitive patient information to third parties via website tracking tools. The lawsuit alleged that tools like Meta Pixel and Google analytics were embedded on its site without proper consent, resulting in unauthorized sharing of medical information with companies such as Meta and Google.
The lawsuit was filed in the U.S. District Court for the Central District of California under the case name B.K., et al. v. Eisenhower Medical Center. It claimed the hospital promoted various digital tools to enhance user engagement and revenue, while knowingly transmitting protected health information without authorization.
Tracking technologies like Meta Pixel are commonly used to analyze website traffic and user behavior. In this case, the lawsuit argued that data transmitted included individuals’ medical conditions, appointment details, and treatment information based on interactions with tools like MyChart and online scheduling forms.
The lawsuit listed 14 causes of action, including violations of California and federal privacy laws such as the Confidentiality of Medical Information Act and the Electronic Communications Privacy Act.
Although the hospital denies all wrongdoing, it agreed to settle to avoid the costs and risks of prolonged litigation.
As part of the settlement, Eisenhower Medical Center will:
The hospital also agreed to suspend the use of tracking tools like Meta Pixel for at least two years. After that period, any future use will require clear, affirmative disclosure. A new Web Governance Committee will oversee future analytics and compliance efforts.
According to the settlement website, “The Lawsuit claims that Defendant was responsible for the ‘Meta Pixel Disclosure,’” and lists multiple legal violations, including the California Confidentiality of Medical Information Act (CMIA), the Electronic Communications Privacy Act (ECPA), and the California Invasion of Privacy Act (CIPA). The suit also includes claims under California’s Unfair Competition Law, the state constitution, and several other statutes. It seeks relief for individuals “alleged to have been injured by the Meta Pixel Disclosure.”
Meta Pixel is a tracking code used to monitor user activity on websites. In healthcare, it becomes controversial when it collects information about a user’s health status or interactions without proper authorization.
Yes. If tracking tools collect protected health information (PHI), hospitals must comply with HIPAA privacy and security rules even when the tools are provided by third parties.
Patients usually aren’t given clear options unless hospitals implement consent banners or disclosures. This case proves the need for more transparent user controls.
It’s an internal team responsible for overseeing the use of website technologies to ensure they comply with privacy laws and internal policies. Eisenhower Health has agreed to maintain such a committee going forward.
Healthcare providers should audit all web tracking tools, ensure they are not sharing PHI without consent, and consider implementing clear disclosures or avoiding such tools altogether when dealing with sensitive health information.