According to a U.S. federal judge, Meta Platforms must defend itself against claims that it breached the medical privacy of patients who received treatment from hospitals and other healthcare facilities that used its Meta Pixel surveillance tool.

Plaintiffs may bring charges against Meta for allegedly breaking federal wiretap laws, California privacy laws, and its own contractual commitments regarding Facebook user privacy, according to U.S. District Judge William Orrick in San Francisco.

The judge stated in a 26-page judgement on Thursday that the case “does not negate the plausible allegations that sensitive healthcare information is intentionally captured and transmitted to Meta” based on the available evidence.

Other claims were rejected by Orrick, but he allowed the plaintiffs—all of whom used the aliases John Doe or Jane Doe—to resubmit them.

The plaintiffs claim that when they registered into patient portals with the tracking program installed, Meta Pixel gave Meta sensitive information about their health, allowing Meta to profit from targeted advertising.
All Facebook users whose health information was stolen by Meta are seeking unspecified damages.

Attempts to reach Meta and the company’s attorneys in Menlo Park, California on Friday were unsuccessful. Similar inquiries were not immediately answered by plaintiffs’ attorneys.

A plaintiff’s attorney said that at least 664 hospitals and other healthcare facilities had been identified as using Meta Pixel by the time the legal action got underway in June 2020.

Sending sensitive health information may be a severe issue, Meta claimed in its request for dismissal. Meta “does not disagree” with this statement.

However, it also stated that its technology was not inherently harmful or illegal and that it was up to the healthcare professionals to determine how to use Meta Pixel.

Orrick, however, argued that it was unclear whether Meta took sufficient steps to prevent the sharing of patient information or whether its actions could be excused since healthcare practitioners genuinely approved of them.

Additionally, he discovered “detailed and credible allegations” that the transmission of such data was required for Meta’s advertising services.