Plaintiffs Add ECPA Violations in First Amended Complaint vs. Tenet

Plaintiffs B.K., N.Z. and R.P. added three causes of action in their privacy class action against Tenet’s Desert Care Network, in their first amended complaint (docket 2:23-cv-05021) Friday in U.S. District Court for Central California in Los Angeles. The California and Florida plaintiffs sued Tenet and its hospitals in California and Florida in June for collecting their confidential and private personal health information (PHI) -- including details about their medical conditions, treatments and providers sought, and appointments -- and then allegedly sending it to Facebook without prior, informed consent (see 2306260050). Defendants installed Facebook’s Meta Pixel tracking tool on their websites to intercept and send plaintiffs’ private information to third parties such as Facebook and Google, the complaint said. The Pixels track users as they navigate a website, logging which pages they visit, each button click and what information they provide on online forums, the complaint said. Pixels send information to Facebook via scripts running in a user’s internet browser so each data packet is labeled with an IP address that can be used with other data to identify a particular household, it said. In addition to claiming violations of California and Florida privacy and unfair competition laws, negligence, breach of contract and unjust enrichment, the amended complaint asserts two violations of the Electronic Communications Privacy Act and breach of fiduciary duty. Meta Pixel tracking code on the medical companies’ websites tracks “extremely sensitive” PHI such as health conditions, including diabetes, diagnoses such as COVID-19 or AIDS, plus procedures, test results, treatment status, treating physician, allergies and personally identifiable information, it said.