By: Christopher A. Parrella, Esq., CPC, CHC, CPCO
Parrella Health Law, Boston, Ma.
A Health Law Defense and Compliance Firm

In a significant legal development on April 26, 2024, the U.S. District Court for the District of Massachusetts ruled to mostly sustain a class action lawsuit against Tenet Healthcare Corporation. The case, brought forward by plaintiff Jane Doe, centers on allegations that Tenet’s Framingham Union Hospital misused web tracking technologies, such as Meta Pixel, to disclose patients’ sensitive information to third parties for advertising purposes, without their consent. This alleged action is argued to violate both the Health Insurance Portability and Accountability Act (HIPAA) and Tenet’s own privacy policies.

Jane Doe claims that after using Tenet’s website to manage her healthcare needs starting around 2015-2016, she noticed targeted advertisements that related directly to her health conditions. This led her to believe her personal and protected health information was being used by third parties.

While the court dismissed claims related to negligence per se and invasion of privacy due to lack of recognition under Massachusetts law, it allowed claims for negligence, breach of implied contract, unjust enrichment, and breach of fiduciary duty to proceed. The court also upheld statutory claims for violations of the Massachusetts Right to Privacy Law, the Massachusetts Consumer Protection Act, and noted that the Massachusetts Wiretap Act’s applicability was still under review by the Massachusetts Supreme Judicial Court.

The court’s decision highlights a crucial debate in the intersection of technology and privacy: the expectation that private health information entered into medical websites remains confidential and is not used for commercial gains without explicit patient consent. This case underlines the responsibilities healthcare providers have in managing patient data, especially when employing third-party tracking technologies.

As this case progresses, it will undoubtedly influence how healthcare entities approach data privacy and patient consent, particularly concerning the use of online tracking technologies in healthcare settings. Healthcare providers must tread carefully, ensuring their use of technology complies with both legal requirements and ethical standards to protect patient privacy.

The outcome of Doe v. Tenet Healthcare Corp. will likely set important precedents for privacy in the digital age and may prompt a reevaluation of policies and practices around data security and patient confidentiality in the healthcare industry.

Parrella Health Law offers expert legal services tailored to assist healthcare providers in navigating the complex landscape of privacy concerns. With a deep understanding of the Health Insurance Portability and Accountability Act (HIPAA) and other relevant privacy regulations, our team provides guidance on implementing robust privacy policies and compliance programs. We help healthcare organizations to manage risks associated with the use of digital technologies, such as online tracking tools, ensuring that patient data is protected and that practices align with both state and federal laws. Our proactive legal advice covers everything from routine compliance checks to defending against litigation, ensuring that healthcare providers can focus on delivering top-notch care without compromising patient privacy. If you’d like to discuss how Parrella Health Law can help your organization, please call us at 857.328.0382 or email me directly at cparrella@parrellahealthlaw.com.

Christopher Parrella, ESQ, CPC, CHC, CPCO, is the founding partner of Parrella Health Law in Boston, Mass. The firm focuses exclusively on healthcare defense and compliance matters. Chris also travels the country on behalf of a wide range of healthcare organizations, lecturing on a variety of health care enforcement and compliance topics. Chris is one of a handful of health care attorney’s that are also Certified Professional Coders (CPC) and is a member of the AAPC’s National Legal Advisory Board and Ethics Committee.  He is also a Certified Professional Compliance Officer (CPCO) and Certified in Health Care Compliance (CHC.)