Class Actions Filed Citing Telehealth Data Breach, Privacy Concerns
by Kaitlin Gagnon
Despite decades-long practice, telemedicine – the virtual delivery of clinical health care by providers to patients – presented an innovative alternative during the COVID-19 pandemic for patients to receive medical care without compromising safety. As the risks of the pandemic subside, the utilization of telemedicine continues to grow, offering fiscal benefits to healthcare practitioners and convenient accessibility to patients across many scopes of care.
According to a 2022 CDC data brief, nearly 40% of adults in the United States used telemedicine in the prior year (2021).
However, alongside its expanding potential, a unique set of challenges in telemedicine or “telehealth” has emerged, involving the protection of patients’ personal information and violable private data. Several class action lawsuits and mass arbitrations have been filed by plaintiffs, represented by Milberg attorneys, against emerging titans of the telehealth industry over data breaches and the alleged mishandling of private patient information.
These allegations coincide with national trends of telehealth accountability, on the heels of Federal Trade Commission (FTC) enforcement action and bipartisan-penned letters from Senators Amy Klobuchar (D-MN), Susan Collins (R-ME), Maria Cantwell (D-WA), and Cynthia Lummis (R-WY) to telehealth companies citing concerns over patient data privacy and security.
Plaintiff C.M. – a female BetterHelp patient from Texas – anonymously filed a class action lawsuit in March of 2023 against BetterHelp, Inc. alleging the company used the private information of its patients “extensively for its own profit” by sharing and disclosing the names, health histories, and email addresses of its users.
After repeatedly promising to keep patients’ confidential and sensitive information private and to use it exclusively for “non-advertising” purposes, BetterHelp is accused of using patient information to target new and existing customers through its advertising, even installing web beacons and cookies to track user data.
C.M.’s lawsuit accuses the Silicon Valley telehealth company of offering private patient information to large advertising companies such as Facebook, Pinterest, Criteo, and Snapchat.
The suit also alleges BetterHelp disclosed and potentially sold the Plaintiff’s and Class Members’ IP addresses.
“Protecting medical information and making sure it is kept confidential and not disclosed to anyone other than the person’s medical provider is necessary to maintain public trust in the healthcare system as a whole,” the suit claims.
C.M.’s lawsuit follows an FTC complaint against BetterHelp, which ordered the company to pay $7.8 million after determining it used questionnaires to solicit user information, promised to keep the obtained information private, then shared the obtained information with major advertising platforms.
Plaintiff Kelly Vriezen – a female HealthPartners patient from Minnesota – filed a class action lawsuit in early February of 2023 against Group Health Plan, Inc. to address the company’s alleged, “illegal and widespread practice of disclosing confidential personally identifiable information (PII) and protected health information (PHI),” to unauthorized third parties including Meta (Facebook).
The company offers two websites, healthpartners.com and virtuwell.com, allowing patients to book medical appointments, locate care providers and facilities, research symptoms, conditions, and treatments, and discover ongoing medical events and classes. Both websites make express and implied promises to protect user data.
Vriezen’s lawsuit alleges HealthPartners installed and implemented the Facebook Tracking Pixel on its websites, secretly enabling, “the unauthorized transmission and disclosure of Plaintiff and Class Members’ PII and PHI,” to third parties like Facebook and Google.
The suit alleges third parties like Facebook were able to reasonably infer patients’ medical conditions (i.e. cancer, pregnancy, HIV) considering its access to the type of medical treatment sought, health conditions, and/or successfully booked medical appointments.
The suit further alleges, “Facebook, in turn, sells Plaintiff’s and Class Members’ Private Information to third-party marketers who geotarget Plaintiff’s and Class Members’ Facebook pages,” by utilizing the compromised information.
Vriezen claims she reasonably assumed her communications with HealthPartners websites were private and protected, having never consented to any third party’s access of her personal information.
United States citizens and telehealth patients who utilized any of the following BetterHelp or HealthPartners websites (or associated apps) may be entitled to compensation:
If you are concerned your personal information has been compromised by an alternative telehealth provider, or to explore your legal options against BetterHelp or HealthPartners, contact our Data Breach, Cyber Security, & Biometrics practice group today.