UPMC Websites Send Patient Info to Third Parties Pennsylvania Class Action

UPMC owns and operates health care properties in Pennsylvania. It also operates online sites and encourages patients to participate in them. However, the complaint for this class action alleges that UPMC uses these sites to share patient information with other parties, thus breaching patient confidentiality and violating wiretapping laws, among other things.

The class for this action is all Pennsylvania residents who are, or were, patients of UPMC or any of its affiliates, who used UPMC’s web properties, including, but not limited to, UPMC.com and the Patient Portal at myupmc.upmc.com.

According to the complaint, UPMC “encourages patients to exchange information to search for a doctor, learn more about their conditions and treatments, access medical records and test results, and make appointments.”

The complaint quotes a number of UPMC statements implying or assuring patients that information will not be shared without their consent or authorization. However, the complaint alleges that this is not true.

It says, “UPMC causes the unauthorized transmission of patient data and communications through computer source code that it deploys to command patient computing devices to transmit the data to third parties through invisible web-bugs that include, but are not limited to, Facebook, Google, Twitter, Adobe, Microsoft, Oracle, Trade Desk, Neustar, Everest Technologies, Site Improve, Krux Digital, Undertone, and Acxiom.”

What exactly happens? The complaint claims, “Without any knowledge, authorization, or action by a user, a web property developer like UPMC’s source code can commandeer the user’s computing device, causing the device to contemporaneously and invisibly re-direct the user’s personal information and the contents of their communications to third parties.”

Google makes a Tag Manager that enables websites to more efficiently funnel information to third parties without slowing their websites. According to the complaint, “UPMC deploys Google Tag Manager on its websites through an ‘iframe,’ a nested ‘frame’ that exists within the UPMC website that is, in reality, an invisible window through which UPMC funnels web bugs for third parties to secretly acquire the content of patient communications without any knowledge, consent, authorization, or further action of patients.”

The Tag Manager is designed to be invisible, along with its forwarding duties. In this way, “UPMC causes patient personally identifiable information and the content of their communications to be redirected to third parties” without patient knowledge or consent.

The more-than-200-page package of the complaint plus exhibits covers a great deal more, such as the parties to whom data is sent from specific area, UPMC’s promises of confidentiality, and more details on how the UPMC system works.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

UPMC Websites Send Patient Info to Third Parties Pennsylvania Complaint

March 13, 2020

UPMC owns and operates health care properties in Pennsylvania. It also operates online sites and encourages patients to participate in them. However, the complaint for this class action alleges that UPMC uses these sites to share patient information with other parties, thus breaching patient confidentiality and violating wiretapping laws, among other things.

UPMC Websites Send Patient Info to Third Parties Pennsylvania Complaint

Case Event History

UPMC Websites Send Patient Info to Third Parties Pennsylvania Complaint

March 13, 2020

UPMC owns and operates health care properties in Pennsylvania. It also operates online sites and encourages patients to participate in them. However, the complaint for this class action alleges that UPMC uses these sites to share patient information with other parties, thus breaching patient confidentiality and violating wiretapping laws, among other things.

UPMC Websites Send Patient Info to Third Parties Pennsylvania Complaint
Tags: Sharing Personal Information with Third Parties, Using Your Private Information Without Consent, Your Privacy, wiretapping