Hethcoat Quoted on Rise of Privacy Class Actions Involving Health Care Data

Blue Shield was hit with a class-action suit in California for allegedly sharing patients’ private health data with Google’s advertising platform, Google Ads, without the patients’ consent. The complaint alleges that the health plan violated the state’s Confidentiality of Medical Information Act (CMIA) and Unfair Competition Law.

Gayland noted that these types of health care privacy claims are starting to gain “legal traction,” partly resulting from “heightened” public concerns about digital privacy, changing patient confidentiality expectations, and extensive use of third-party tracking technologies.

“Blue Shield’s acknowledgment that it used Google Analytics ‘like other health plans’ suggests that many insurers may have unknowingly implemented similar tools in ways that exposed patient data,” he said. “Now that these practices have come to light, we can expect plaintiffs’ attorneys to scrutinize any health plan that utilized tools like Google Analytics or Meta Pixel on their websites. In fact, multiple class actions were filed almost immediately after Blue Shield’s breach disclosure. California is especially fertile ground for this kind of litigation due to the robust protections and private right of action under the state’s [CMIA], but we’re also seeing similar claims emerge across the country under state privacy and consumer protection laws.”

Gayland added, “California’s CMIA has significantly evolved in recent years, and those changes will shape the future of health data privacy litigation … As a result, we’re likely to see more lawsuits in California involving nontraditional healthcare entities that handle sensitive health data. In contrast, HIPAA — the federal health information privacy law — does not provide individuals with a private right of action. Moreover, a recent court decision in Texas has cast doubt on HIPAA’s applicability to online tracking technologies, and it remains unclear how aggressively the current administration will enforce HIPAA in this space. These limitations create room for states like California to fill the gap, positioning CMIA as a leading framework for protecting health information in a rapidly evolving digital landscape.”

Read the full article here. (Subscription required)