Meta (Facebook) Pixel Healthcare Privacy Litigation
Case Overview
The Meta Pixel is a snippet of JavaScript code that website operators embed to track user behavior and serve targeted advertising. Investigative reporting by The Markup in 2022 revealed that the Meta Pixel had been installed on the websites of 33 of the top 100 U.S. hospitals, as well as patient portal login pages, where it automatically captured and transmitted sensitive health-related data to Meta — including details about doctors searched, appointment scheduling actions, and even specific medical conditions. This transmission allegedly occurred without patients' knowledge and without their HIPAA-required authorization, turning routine health-seeking behavior into advertising intelligence for Meta's ad-targeting platform.
Class action litigation was filed in the Northern District of California, with plaintiffs arguing that Meta knowingly received and monetized protected health information in violation of HIPAA (through aiding-and-abetting theories), the Electronic Communications Privacy Act, the California Confidentiality of Medical Information Act, and various state wiretapping statutes. Meta moved to compel arbitration for users who agreed to its terms of service, but courts have allowed many claims to proceed. Separately, the HHS Office for Civil Rights issued guidance warning hospitals that use of tracking pixels on patient portals may violate HIPAA. The case is in active litigation, with class certification proceedings ongoing in 2025.
Who May Qualify
U.S. residents who visited a hospital, health system, or healthcare provider's website or patient portal that had the Meta (Facebook) Pixel installed, and whose health-related browsing data, appointment information, or medical details were transmitted to Meta without their consent.
Frequently Asked Questions
How do I know if my hospital shared my data with Facebook?
The Markup's investigation identified dozens of major hospital systems that used the Meta Pixel on patient-facing web pages. If you scheduled appointments, searched for doctors, or logged into a patient portal on a hospital website between approximately 2016 and 2022, your data may have been shared with Meta. A full list of affected health systems has been compiled by several news outlets.
Is the Meta Pixel lawsuit a HIPAA violation?
While HIPAA does not include a private right of action, the lawsuits argue Meta violated state wiretapping laws and medical privacy statutes, and that hospitals violated HIPAA obligations by allowing the pixel to capture PHI. The HHS Office for Civil Rights has also weighed in, stating that use of tracking pixels on patient portals may indeed violate HIPAA.