Cleveland Clinic Hit with Class Action Lawsuit Alleging Third-Party Tracking Tools Collect Sensitive Health Info

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit claims that the Cleveland Clinic has implemented onto its website technologies that track user activity online for third-party advertising purposes, all without the individual’s knowledge or consent.

Want to stay in the loop on class action lawsuits that matter to you? Sign up for ClassAction.org’s free weekly newsletter.

The 58-page privacy lawsuit contends that the Cleveland Clinic, a leading nonprofit academic medical center with 319 locations worldwide, has deliberately installed on its website sophisticated tracking technologies from a number of major entities— such as Adobe, Google, Amazon, Magnite, Index Exchange, and OpenX— designed specifically to collect data on a site visitor’s activities, and either create a corresponding profile or add the collected data it to a pre-existing one. The complaint argues that Cleveland Clinic benefits directly from using third-party tracking tools, in the form of detailed site-visitor analytics that can inform certain business and marketing decisions.

Related Reading: Google Facing Class Action Over Alleged Data Tracking on Healthcare Provider Websites

According to the case, implementing the handful of tracking tools was a “deliberate action” by Cleveland Clinic web designers that required individual administration on a site-wide basis.

The web-tracking technologies, the case explains, essentially function through hidden, embedded code on websites that are downloaded onto a user’s browser and subsequently collect data about the user’s interactions within the website. Adobe’s tracking infrastructure, for instance, curates a digital fingerprint for site users based on a multitude of identifiers stored as cookies that can pinpoint users across applications and websites, track their behavior over time, synchronize online data, and maintain persistent tracking through different devices, the case illustrates.

With regard to medical information and research, the complaint asserts that “[t]he interception of healthcare-related communications through these tracking technologies is particularly problematic, as it can reveal highly personal and sensitive medical conditions, treatment interests, and care-seeking behaviors to third parties without patients’ knowledge or explicit consent.”

The corresponding invasion of privacy, the lawsuit continues, degrades the value of personal, private data and can result in significant embarrassment, stigma, and discrimination.

The information allegedly intercepted by Cleveland Clinic through these technologies includes, but is not limited to:

• -The physicians from whom users are seeking treatment;
• -Health conditions and medical concerns;
• -Prospective facility treatment locations;
• -Types of medical services, procedures, and specialties;
• -Patient portal correspondence;
• -Sensitive medical questions and queries; and
• -Attempts to schedule appointments and/or contact providers

In light of Cleveland Clinic’s privacy policy, which reassures that health information will not be disclosed without a user’s consent, the complaint maintains that site visitors “would not reasonably expect” that their health information might be at risk after a simple site visit. This expectation of privacy is further affirmed by doctrines sent out by governing bodies like the Federal Trade Commission (FTC), who alert healthcare providers of the necessity to safeguard private information and provide guidelines on how to do so, the case mentions.

“In any case, the Privacy Policy falsely claims that ‘[n]o information provided by patients during medical consultations or requests for medical appointments is ever used for marketing purposes’” the suit alleges. “However, as demonstrated above, Cleveland Clinic systematically shares information provided by users during requests for medical appointments with third parties that may use it for advertising and marketing.”

The case charges that Cleveland Clinc’s actions violate the Electronic Communications Privacy Act and the Florida Security of Communications Act.

The Cleveland Clinic data tracking class action lawsuit looks to cover all individuals in the United States whose online actions and communications were intercepted by third parties through Cleveland Clinic’s website during the applicable statute of limitations period.

Check out ClassAction.org’s lawsuit list for current class action lawsuits.