Meta Pixel Data Collection

The Lyon Firm is actively involved in Data Privacy Class Action Lawsuits & Investigating Hospital Data Privacy Cases
Nationwide Success

Data Privacy Attorney

Investigating Meta Pixel Hospital Data Privacy Violations

The Lyon Firm has filed a class action lawsuit against a healthcare network involving Meta Pixel hospital data violations. We are investigating further privacy complaints nationwide.

Facebook’s parent company Meta and several large hospital networks have allegedly violated medical privacy laws with a tracking tool that sends health information directly to Meta.

An investigation earlier in the year found that a third of the top 100 hospitals are using the Meta Pixel tool on their websites and are sending  patient data to Facebook without proper consent.

Hospital networks named in Meta Pixel privacy violation lawsuits:

  • Advocate Aurora
  • WakeMed
  • Duke Health
  • Novant Health

What is the Meta Pixel Tool?

Meta’s data trackers are embedded in many of the websites we all use. The Meta Pixel tool is a piece of JavaScript code that websites can use to track the movement of users across the site. The Meta Pixel tool records information liked user IP addresses and the actions of users.

On a hospital website, for example, Meta Pixel can record appointment information and any information selected from menus. The collected information and tracking data is then sent to Meta to be processed, stored, and used for targeted advertising.

Online Tracking HIPAA Violations

Under the HIPAA Privacy, Security, and Breach Notification Rules (HIPAA Rules), there are clear limitations that apply when regulated entities collect  and disclose protected health information (PHI) to tracking technology vendors.

Regulated entities are not permitted to use tracking technologies in a manner that result in “impermissible disclosures” of PHI to tracking technology vendors.

Tracking technologies collect information and track users in various ways, some of which are not apparent to website or mobile app users. Websites may use tracking technologies such as cookies, web beacons or tracking pixels, session replay scripts, and fingerprinting scripts.

Are there Hospital Data Privacy Laws?

Yes, under the HIPAA, any hospital data transfer should require consent from patients. Lawyers allege there is no evidence that consent had been obtained from patients in some prior hospital data privacy Meta Pixel complaints.

Meta (Facebook) is not hemmed in by HIPAA, but the hospitals and health systems that use Meta Pixel on their websites have been named as defendants in class actions.

The terms and conditions of Meta state that if sensitive data is transferred using Meta Pixel, the company will prevent that data from being used to serve targeted ads, but it is unclear if that has rung true.

Meta Pixel Hospital Data Class Action Lawsuits

Data Privacy lawsuits have been filed against Meta for allegedly collecting patient data from hospital websites through the Meta Pixel tool, violating the privacy of millions of patients.

The lawsuits allege Meta has violated California’s Unfair Competition Law and the Invasion of Privacy Act. The complaint reads: “Despite knowingly receiving health-related information from medical providers, Facebook has not taken any action to enforce or validate its requirement that medical providers obtain adequate consent from patients before providing patient data to Facebook.”

In one of the lawsuits, a patient says their medical information was sent to Facebook on the University of California San Francisco and Dignity Health patient portals. The patient then was targeted in advertisements for their known heart and knee conditions.

Patients at the MedStar Health System, Novant Health and Advocate Aurora also allege that the medical providers sent medical data to Facebook through the Meta Pixel tool.

The lawsuits will have to be certified as class actions by a judge, and  could potentially bring damages on behalf of all Facebook users whose medical providers employed the Meta Pixel.

According to privacy advocates, Meta and other companies have tracking systems designed to collect user data from millions of sites and turn it into advertising dollars. This is not speculation, it is their very business model.

But, when businesses and hospitals choose to put Meta Pixel and other trackers on their websites and apps, they are also liable for the harm that could cause.

Why would a hospital agree to this? Some hospitals have said they did not know about the data collection. But regardless, they have a duty to understand their own systems and potential privacy violations.

Can You Avoid Meta Pixel?

Browsers like Safari, Firefox, and Brave offer data tracking blockers. Other browsers have privacy extensions. VPNs may also be used to  obscure an IP address.

If you have experienced an invasion of privacy by data collectors or other tools that may be a privacy violation, contact us for a free consultation.

Consumer safety attorneys are taking on new class action data privacy violation cases every day. While companies collect, store, share, and sell your personal data, consumers often see their privacy compromised.

Cybersecurity may take a backseat to company profit and growth, and instances of data misuse are increasingly common. There are many new questions surrounding what companies can legally do with data they collect from their clients, but only a handful of states have actually signed consumer data privacy protections into law.

Personal data privacy violations can be the basis for class action data misuse lawsuits, and The Lyon Firm aims to protect consumer privacy rights. If you have been the target of data sharing, medical data misuse or data privacy violations, call for a free consultation. You may be eligible to join existing data privacy class actions and compensation may be available.


Please complete the form below for a FREE consultation.


Joseph Lyon has 17 years of experience representing individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world.

The Firm focuses on single-event civil cases and class actions involving corporate neglect & fraud, toxic exposure, product defects & recalls, medical malpractice, and invasion of privacy.


The Firm offers contingency fees, advancing all costs of the litigation, and accepting the full financial risk, allowing our clients full access to the legal system while reducing the financial stress while they focus on their healthcare and financial needs.

photo of data privacy attorney Joe Lyon

Reviewing Data Sharing & Data Misuse Claims

Why are Data Privacy Cases important?

Without personal data privacy violation class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty. By holding companies accountable for safely storing your personal information, every consumer will have more control over how their data is used in the future. 


Questions About Data Privacy Lawsuits

What to do if you are a victim of Meta Pixel data Misuse
  1. Get confirmation of the data theft or misuse and collect as many details about the incident as possible. 
  2. Contact an attorney to investigate the complex litigation involved in data privacy lawsuits. 
  3. Try to find out what information was exposed and protect yourself as much as possible. 
  4. Talk to an attorney before accepting any settlement direct from a company. 
  5. Monitor your accounts and personal information closely. 
Who is liable for data tracking violations?

Under current privacy law the firm or organization that is storing user data are responsible for data breaches and will pay any fines or damages that are the result of legal action. The actual data holder—an organization that provides cloud storage—is not usually legally implicated or held responsible in litigation. 

How can I prevent data misuse?

It’s not as easy as just alerting companies to stop collecting and selling your personal information, but you can take certain steps to protect yourself, including:

  • Opt out of data collection practices if possible
  • Review your credit report
  • Use strong and different passwords for all of your accounts
  • Do not offer your personal information unless necessary
  • Check bank accounts for suspicious activity
  • Limit how exposed you are on social media
  • Speak with a cybersecurity attorney
What is a Class Action Lawsuit?

A Class Action is a lawsuit brought by an individual on behalf of all other similarly situated individuals. Rule 23 of the Federal and State Rules of Civil Procedure allows for Class Action lawsuits to resolve disputes in an efficient format.

Class Actions are typically filed when the amount of money in dispute for a single plaintiff would not justify litigating the case, but where the amount of damages of the entire class of Plaintiffs would justify the cost of litigation. Without class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty.

What are class action requirements?

In order for a case to be certified as a Class Action, the Court must determine that the case is appropriate for class action treatment under Rule 23. There are different elements depending on whether the case is seeking monetary or injunctive relief. In general, the Court must find the following elements are satisfied:

  • Numerosity: The proposed class must be so numerous that simply joining the individual plaintiffs would be impractical. Generally, the class size should exceed 100 individuals.
  • Common Questions of Law or Fact: The facts and/or legal questions in the dispute must be common to all class members. This does not mean all facts or issues must be identical, but the primary facts and law that will determine the issue in dispute must be common among all class members.
  • Typicality: The named Plaintiff in the case must have the same facts and legal issues as the class they are proposing to represent. If the Plaintiff’s individual case involves issues of fact or law unique to that Plaintiff and are irrelevant to the ultimate issue, class certification may be denied by the Court.
  • Plaintiff/Counsel Adequately Represents the Class: The Court must find that the Plaintiff and Plaintiff’s Counsel are competent and will protect the class’ interests.
  • Predominance: Common questions of fact predominate over individual facts.
  • Superiority: The Class Action is a more efficient and fair means of resolving the dispute. The Court will look at the following factors when making this determination: (1) Class Member interest in maintaining a separate action; (2) the extent of any litigation already begun by other class members; (3) desirability or undesirability of litigating the case in a particular Court ; (4) difficulties in managing the class.
When Should I contact The Lyon Firm?

Protecting sensitive personal information is getting more and more difficult, but that doesn’t mean it’s not possible. By forcing companies to become accountable for their lack of cybersecurity measures following data misuse and data breach incidents, consumers will have a more secure future.

Large companies control vast amounts of data, leaving nearly all Americans at risk when their personal data is compromised. If your financial, medical, or consumer information is misused, you may file a data privacy violation claim.

What are some examples of data privacy lawsuits?

The majority of BIPA lawsuits are filed against employers who utilize biometric timekeeping systems with fingerprint or facial recognition scans, and collect the employee biometric data.

Motorola, Clearview AI and Vigilant are facing legal action for allegedly collecting mugshots that were used by law enforcement. Microsoft, Amazon, Alphabet, and FaceFirst Inc. are alleged to have violated privacy laws by collecting photos for facial recognition data from the website, Flickr.

A proposed class action alleges Ring, LLC has failed to protect the privacy of its motion-activated cameras and the personal information of its customers. The complaint alleges Ring’s devices are rife with security vulnerabilities, which may compromise the personal data of existing and future customers.

Cyber criminals may have the potential to hack into Ring devices and home networks. The lawsuit aos brings to light the fact that Ring has shared users’ personal identifying information with third parties without first obtaining prior consent. The complaint says the devices are not well-equipped to deal with potential hacks.

Plaintiffs in the case want Ring to take additional security measures to protect the privacy of user accounts and installed devices, as well as stop sharing personal data without clear and informed consent.

Reports have surfaced that several user accounts and devices were hacked, and plaintiffs argue the company was late in addressing security issues.

Beyond the security issues, Ring permits third parties to track users, raising eyebrows from consumer safety and data privacy advocates.


Your Right to Justice

Learn About the Legal Process

Filing Class Action lawsuits is a complex and serious legal course and can carry monetary sanctions if proper legal course is not followed. The Lyon Firm is dedicated to assisting injured plaintiffs work toward a financial solution to assist in compensating for medical expenses or other damages sustained.

We work with law firms across the country to provide the most resources possible and to build your case into a valuable settlement. The current legal environment is favorable for consumers involved in data breach class actions, deceptive marketing lawsuits, TCPA telemarketing claims, and financial negligence claims.

data breach lawsuits