Telehealth Privacy Violations

The Lyon Firm is actively involved in Class Action Data Tracking & Telehealth Privacy Violations Lawsuits on behalf of plaintiffs nationwide
Nationwide Success

Telehealth Data Privacy Lawsuits

Investigating health website data tracking & HIPAA Violation Lawsuits

According to a recent investigation published on The Markup website, popular telehealth websites have allegedly been using Meta’s Pixel tracking tool, and sharing users’ medical and personal information to Facebook.

This private information on telehealth websites is often shared with tech companies with the use of tracking code and without user consent.

The Markup reported that 49 direct-to-consumer telehealth companies had a third-party tracking code on their site, with the potential to share data with third parties. The study follows another privacy report that revealed many healthcare systems in the U.S. using tracking code on their web portals. The following sites were tested for tracking code in the report:

  • Apostrophe
  • Bicycle Health
  • Boulder Care
  • Brightline
  • Brightside
  • Calibrate
  • Cerebral
  • Clearing
  • Cove
  • Curology
  • DearBrightly
  • Done
  • Dorsal
  • Eleanor Health
  • Elektra Health
  • Facet
  • Favor
  • Folx
  • Found
  • Gennev
  • Hers
  • Hims
  • Keeps
  • Kick Health
  • KwikMed
  • Lemonaid
  • Mantra Health
  • Mindbloom
  • Minded
  • Mistr
  • Monument
  • Musely
  • Nue Life
  • Nurx
  • Oar
  • Ophelia
  • Picnic
  • Plume
  • QCare Plus
  • RexMD
  • Roman
  • Rory
  • Strut Health
  • Talkspace
  • Talkiatry
  • Wisp
  • WorkIt
  • Wondermed

In many cases, user answers to medical questionnaires regarding health conditions, medical histories, and drug use were sent to big tech firms. Dozens of the telehealth websites shared email addresses, phone numbers, and full names.

Collected information was sent to Meta, Google, TikTok, Bing, Snap, Twitter, LinkedIn, and Pinterest, possibly for the future use in targeted advertising.

Can I Sue for Telehealth HIPAA Violations?

Remote healthcare providers are HIPAA-covered entities and disclosures of protected health information are therefore restricted by the HIPAA Privacy Rule. The HHS’ Office for Civil Rights has confirmed that the use of third-party tracking code on health websites violates HIPAA if that tracking code collects and transfers protected health information (PHI) to third parties unless the third party qualifies as a business associate.

Sometimes the telehealth websites are not actually bound by HIPAA rules, but more often the information collected through these websites is passed on to HIPAA-covered entities. In a scramble to protect themselves, some have begun removing tracking technology from their websites to review the legality of their business.

Some healthcare systems have added these tracking technologies to their websites to improve the user experience, while others may be benefiting financially.

The question is more about transparency, as many users are unaware that information they provide directly through answers on web forms and medical questionnaires can be shared with other companies.

It is also unclear to consumers how the big tech companies use the transferred data, though there are some obvious theories. Meta has been named a defendant in several privacy lawsuits, some of which allege health data has been used to serve targeted advertising.

Experts have said new regulation is needed because the current privacy regulations like HIPAA were not made for telehealth companies, leaving huge gaps in the law.


Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.


Joseph Lyon has 17 years of experience representing individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world.

The Firm focuses on single-event civil cases and class actions involving corporate neglect & fraud, toxic exposure, product defects & recalls, medical malpractice, and invasion of privacy.


The Firm offers contingency fees, advancing all costs of the litigation, and accepting the full financial risk, allowing our clients full access to the legal system while reducing the financial stress while they focus on their healthcare and financial needs.

photo of data breach attorney Joe Lyon
Compensation for Victims

Why are Data Tracking Cases important?

Without data privacy class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty.

Holding companies accountable for poor data protection and data privacy violations helps ensure that consumers are better protected in the future. 


  • This field is for validation purposes and should be left unchanged.

Questions About Your Telehealth Privacy Rights

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a piece of legislation that was introduced to simplify the administration of healthcare, prevent healthcare fraud, and ensure that employees could keep healthcare coverage if between jobs.

There have been updates to HIPAA since 1996 when it was enacted to improve privacy protections for patients to ensure healthcare data is protected.

Is my personal health data protected?

Privacy laws are meant to protect patients’ personal health data, and when institutions fail to protect personal data they may be sued for damages. In recent years much health data has been leaked and stolen, causing significant damages to plaintiffs who have have taken legal action

In a recent case the American Medical Collection Agency (AMCA) settled with nearly 21 million people in 40 states and Washington D.C. concerning a data breach that may have exposed their personal information. The breach, which occurred in 2018, lasted nearly a year until official notice of the intrusion.

An unauthorized user gained access to the AMCA internal data system and collected the personal information, including Social Security numbers, financial information, and personal health information, such as medical tests and diagnostic codes.

Quest Diagnostics was alerted that the hack exposed the personal medical data of 11.9 million of its patients. LabCorp had 7.7 million patients exposed. A number of class action lawsuits were filed throughout the country, alleging negligence, breach of contract, and a variety privacy violations concerning data security.

How are HIPAA Violations Discovered?

HIPAA violations are often discovered during internal audits. Supervisors may also identify areas of non-compliance or see employees blatantly violate HIPAA Rules. The penalties for violations of HIPAA Rules can be severe, with fines of up to $25,000 per violation. Fines of up to $1.5 million may be possible for a particular company in any given calendar year.

Can I file a HIPAA Violation Lawsuit?

If your personal health data has been stolen or improperly leaked, you may have a data privacy claim against those responsible. Contact The Lyon Firm for a free and confidential case review.


What is a Class Action Lawsuit?

A Class Action is a lawsuit brought by an individual on behalf of all other similarly situated individuals. Rule 23 of the Federal and State Rules of Civil Procedure allows for Class Action lawsuits to resolve disputes in an efficient format.

Class Actions are typically filed when the amount of money in dispute for a single plaintiff would not justify litigating the case, but where the amount of damages of the entire class of Plaintiffs would justify the cost of litigation. Without class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty.

What is the meta pixel tracking tool?

Meta’s data trackers are embedded in many of the websites we all use. The Meta Pixel tool is a piece of JavaScript code that websites can use to track the movement of users across the site. The Meta Pixel tool records information liked user IP addresses and the actions of users.

On telehealth websites, for example, Meta Pixel can record medical and personal information. The collected information and tracking data is then sent to Meta to be processed, stored, and used for targeted advertising.

Your Right to Justice

Learn About the Legal Process

Filing Class Action lawsuits is a complex and serious legal course and can carry monetary sanctions if proper legal course is not followed. The Lyon Firm is dedicated to assisting injured plaintiffs work toward a financial solution to assist in compensating for medical expenses or other damages sustained.

We work with law firms across the country to provide the most resources possible and to build your case into a valuable settlement. The current legal environment is favorable for consumers involved in data breach class actions, deceptive marketing lawsuits, TCPA telemarketing claims, and financial negligence claims.