Skip to main content
UCLA Health data privacy notice

UCLA Health Data Privacy Investigation

Written by The Lyon Firm on . Posted in Data Breach, Litigation Update, Meta Pixel.

The Lyon Firm is investigating UCLA Health for alleged privacy violations on behalf of plaintiffs in California and nationwide. Contact the firm for a free and confidential consultation.

The HHS has reported that 94,000 individuals may have had their personal data impacted in a UCLA Health privacy breach. Privacy attorneys around the country have recently filed class action lawsuits against large healthcare networks involving hospital data violations linked to Facebook/Meta.

According to a notice on the UCLA Health website, the company uses analytical tools to collect information from patients’ activity on their site, as well as from third parties, such as ad networks or analytics services that interact with the site. Who these third parties are is not clear.

Facebook’s parent company Meta and several large hospital networks like UCLA have allegedly violated medical privacy laws with a tracking tool that sends health information directly to Meta.

Under HIPAA protections, any healthcare data transfer should require consent from patients. Lawyers allege there is no evidence that consent had been obtained from patients in some other notable hospital data privacy Meta Pixel complaints.

If you or a loved one has questions about your privacy rights and data security at UCLA Health, contact us for a case review.

Can UCLA Health Legally  Collect Data?

The data collected by websites may include your IP address, digital identifiers, information about your web browsing activity, and how you interact with the site.

There are several newer laws that attempt to protect consumers from large-scale data violations. Notably, the California Consumer Privacy Act (CCPA) gives California residents the right to the following:

  • Knowing how their personal information is used
  • Ability to access, request, and receive any personal information that has been collected in a portable manner
  • Ability to request that any entity delete their personal information
  • Ability to opt-out of their personal information being sold or shared