Hospital faces $3.5M settlement after sharing patient data with Facebook
Virginia Mason Medical Center has agreed to settle a class-action lawsuit over sharing patient data with advertisers, including Facebook and Google. The hospital will pay out $3.5 million to the plaintiffs.
According to the lawsuit, Virginia Mason gave tech platforms access to data on its website and patient portal. That information was used by third parties to develop advertising profiles on patients without their knowledge or consent.
Under Washington state law, where Virginia Mason is based, this constitutes an illegal data breach. Per the terms of the settlement, the hospital does not admit to violating data privacy laws and takes no responsibility for wrongdoing.
The $3.5 million will be used to compensate individuals who used its website and the MyVirginiaMason portal. However, if the fund is not enough to fully compensate all victims, Virginia Mason could be on the hook for up to an additional $3.25 million.
The potential for the increased settlement depends on how many patients sign onto the class-action settlement, which will distribute between $45 and $90.
In addition to financial compensation, the hospital has agreed to form a Web Governance Committee to monitor the use of analytics tools. For the next two years, it also cannot use tracking cookies, unless they are deemed compliant with federal and state laws.
A judge also needs to finalize the agreement between the plaintiffs and Virginia Mason. The hearing to confirm the terms is scheduled for March 28.
HealthExec has reached out to Virginia Mason for comment.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.