Facebook’s parent company, Meta, and major American hospitals violated medical privacy laws with a tracking tool that sends health information to Facebook, according to two lawsuits filed in California seeking to become a class action.

The lawsuits, filed in the Northern District of California, focused on the software MetaPixels. Yippee An analytics tool that can be installed on Facebook and Instagram ad targeting websites. It also collects information about how users browse, interact with, and enter information on this website.

The charges stem from an investigation Mark where he found that 33 of the top 100 hospitals in the United States use the Meta Pixel on their websites. In seven of them, it was installed on password-protected patient portals. The investigation found that the tool sent Facebook information about patients’ health status, doctor’s appointments, drug allergies and other theoretically confidential data.

In one of the lawsuits, a patient describes her medical information being sent to Facebook using the Meta Pixel tool through the patient portals of UC San Francisco and Dignity Health, the two defendant hospitals. Later, the patient received advertisements aimed at her heart and knee disease, they explain as an example of one of the registered cases.

Under the HIPAA Privacy Act, a private or public health-related organization require the express consent of patients share health and personally identifiable information with outside groups. Meta says it requires groups using the Meta Pixel to share data before sending it to Facebook and that it filters out sensitive health data.

The lawsuits allege that Meta knowingly failed to enforce these policies and that it placed the Meta Pixel on the websites of healthcare organizations, even though it knew it would collect personal health information. They say it’s illegal.

The lawsuits will have to be certified as class actions by a judge before they can proceed. If either is confirmed, it could lead to liability for damages on behalf of all Facebook users whose medical providers used Meta Pixel.

Facebook is a repeat offender due to many changes from matrix to Meta. Data is pure gold in the era of connectivity and the Internet, and much more those related to health, along with financial information, the most valued (to be sold) and hunted by hackers and “legitimate” companies that trade with them. The collection and use of personal data without authorization is a constant and thus a violation of the right to privacy. Someone should stop because the cases keep repeating despite the scandals.