Consumer Fraud Lawsuit Filed Against Google Concerning Health Care Privacy
A new consumer fraud lawsuit has been filed against Google and the University of Chicago Medical Center, alleging that healthcare providers failed to protect the privacy of hundreds of thousands of patient medical records. The lawsuit is linked to the companies partnering in research linked to hospital readmissions and, in doing so, allegedly allowing third-party marketers to target citizens using advertisements.
Those who have brought the lawsuit argue that as a result of the two companies’ actions, patients can (illegally) be identified based upon information that Google has made available. It also accuses the University of consumer fraud for failing to keep these records confidential.
What HIPAA Mandates
HIPAA is the relevant federal privacy law that governs health records and all associated information. Specifically, the law dictates what can and cannot be shared, and this includes dates of service, which the University of Chicago allegedly shared with Google.
However, under the law, it is legal for personal health information to be transferred between organizations if there is a business associate agreement. That being said, this information must be provided in a “secure manner,” and there are guidelines governing its transmission and use. This includes Google signing a data use agreement with the health care provider, seeks to ensure that specific data–such as names and phone numbers–are not shared. It also requires that a party like Google safeguard the data.
How Consumer Fraud Litigation Like This Is Different
Lawsuits like these are typically filed as class action complaints and demands for jury trials. The concern over the actions of Google and companies like it is that they have gone beyond sharing information, such as social security numbers, and risked far more intimate information, such as medical information about an individual’s life, which is even more damaging to an individual’s privacy. This information included such details as what disease the person might be suffering from, as well as any medical procedures they underwent.
Of additional concern is the fact that the University Medical Center promised—via the patient admission forms—that patients’ information would not be shared with third parties like Google. Regardless, according to the lawsuit, the University did share this information, and failed to first notify or seek permission from its patients. Also, according to the complaint, in an effort to cover up these actions, the companies stated, to the public, that the medical records were “de-identified” so that you could not tell which individuals they specifically belonged to. However, according to the plaintiffs, the detailed date stamps and additional information allows identities to be uncovered.
Contact Our Florida Consumer Fraud Attorneys with Any Questions
If you have concerns about legal protections for consumers, and any potentially unfair, deceptive, or illegal business practices, contact our Sarasota consumer fraud attorneys at Moran, Sanchy & Associates today to find out how we can help.