News
Weather
Radar
Maps
Weather Cameras
Tower Cams
Weather Articles
Daily Climate Summary
SchoolWatch
Local Temp Records
Local Climate Data
The Weather Authority App
SchoolWatch Portal
CBS logo
Local 12 Investigates
Sports
Game Center
Watch

Now

75

Tue

85

Wed

87

Lawyers claim confidential medical information shared all the time

by Duane Pohlman, WKRC

Thu, May 9th 2024 at 1:57 PM
Updated Wed, May 22nd 2024 at 10:41 AM
UserWay icon for accessibility widget
(provided to WKRC){br}
(provided to WKRC)
(provided to WKRC){br}
Image icon
8
VIEW ALL PHOTOS
View All Photos
(provided to WKRC)
Facebook Share IconTwitter Share IconEmail Share Icon

CINCINNATI (WKRC) - Christine Von Raesfeld has lived with serious illnesses rooted in a genetic autoimmune disorder.

Her life revolves around surgeries and treatments in hospitals around Santa Clara, California, in the heart of Silicone Valley.

When she’s not in the hospital, Christine said she spends most of her time on her healthcare providers’ websites trying to learn more about her condition.

“I'm looking at the potential for research,” she said.

TARGETED ADS FOR TREATMENT

Five years ago, Christine said she noticed medical ads popping up on her computer during, and after her research, that recommended treatments for the conditions she had just researched.

“I was now seeing ads that were targeting me,” she said.

But targeted ads would likely mean those hospital and healthcare provider websites had been collecting and sharing her health information, and Christine knew that was prohibited by the Health Insurance Portability and Accountability Act, or HIPPA, a federal law “to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.”

Christine made it clear that there was no disclosure and she certainly didn’t give her consent to share any of her medical information.

Increasingly, Christine suspected her protected information was being shared.

“This information was being collected,” she said.

SEARCHING “SCARY” CODE

Attorney Alexandra “Alex” Honeycutt came to the same uncomfortable conclusion.

“Are we being spied on," Local 12 asked.

“Undoubtedly," said Honeycutt.

In a law office high above downtown Knoxville, Tennessee, Honeycutt has been constantly searching healthcare provider websites, clicking to find the often hidden world of computer coding that drives them.

On one of the hospital websites, she revealed how the website tracks her name, IP address and other identification from the moment she opens the page.

“So, it's tracking what you're using," Local 12 asked.

“Yes," she said.

With more clicks and scrolls, Honeycutt revealed the healthcare provider website was also capturing her searches, including queries about lung cancer and throat issues, and sharing the information she just typed in with some of the nation’s largest tech companies.

“It's incredibly scary. And it's scary because it's invisible,” she said.

PIXEL POPULAR, BUT PROHIBITS SHARING MEDICAL DATA

Honeycutt said it happens with the help of a simple piece of code, offered for free as a marketing tool by tech companies, which is embedded in hospital and healthcare provider websites. Honeycutt said one of the most popular tools is Meta Pixel.

But Meta clearly warns that Pixel is “prohibited” from being used to collect and share "information about an individual’s physical or mental health.”

Honeycutt said it’s up to the healthcare providers to make sure that doesn’t happen and in case after case, she said she can prove protected health information is being shared.

Leaning forward in her chair, Honeycutt stops and observes.

“It’s really astonishing," she said.

COMPUTER EXPERT DEMONSTRATES HOW IT WORKS

Local 12 turned to a computer expert to see exactly how it works.

Kevin Lewis, owner of Media Stew in Cincinnati, testified in civil trials to explain how Pixel and other coding works when they’re placed on healthcare provider websites.

He didn’t shy away from the core question.

"Do you know how they know," Local 12 asked.

"Yes," said Lewis.

To reveal the inner workings, Lewis set up a mock medical site and named it “Acme Med,” which he embedded, "with the fictional pixel that I set up with it."

Lewis said the "Pixel" coding allows third-party cookies to track and share everything, including protected medical information to a mock “Facebook” page he also set up.

When Lewis types “cancer” in the search bar, it instantly appears on the mock Facebook page.

“Now they can link exactly my user ID with the fact that I'm looking up cancer,” said Lewis. “It puts a bull’s eye on you.”

CLASS ACTION LAWSUITS ACROSS THE COUNTRY

Honeycutt and other attorneys have filed at least 18 class action lawsuits against hospitals, pharmacies, even dialysis centers and other healthcare providers in 24 states, claiming an “illegal and widespread practice of disclosing confidential personally identifiable information and protected health information” of millions of patients.

While some of the lawsuits are being settled, Honeycutt said the alleged violations have eroded trust.

“It makes it really difficult for people to trust their health care providers when they sit there and wonder to themselves, is there a back door where they're sharing this information,” she said.

For Raesfeld, who’s also a patient advocate, the lawsuits confirmed her fears that the most sensitive and confidential medical information was routinely being shared.

“We expect that we have some level of privacy," said Local 12. "Do we?"

I don't think we do," said Raesfeld.

“Do you feel violated," Local 12 asked.

“Yes," she said.


Stay Connected
Facebook Icon
Like Us
Twitter Icon
Follow Us
Newsletter Sign up /sign-up
TermsEEOFCCFCCPrivacy PolicyCookie PolicyCookie Preferences
Loading ...