Lawsuit claims Excela Health disclosed patient information to Facebook, Google
Two unnamed Westmoreland County residents are seeking class action status for a lawsuit in which they claim Excela Health disclosed their personal patient information to Facebook and Google.
The suit, filed last week in Westmoreland County Common Pleas Court, seeks a judgment of over $1 million in addition to compensatory and punitive damages, an injunction against the health system and a jury trial.
Butler Health System, which merged with Excela in early 2023, declined to comment on the suit.
As recently as Feb. 8, Excela disclosed patient information including patients’ identification, status, physicians, medical treatments and the hospitals they visited without their knowledge or consent, according to the suit.
The information was disclosed through the use of various marketing and data collection tools embedded in its websites that intentionally disclose the information to third parties who use the information for advertising purposes, according to the suit.
Excela’s use of those tools causes its patients’ personally identifiable information and contents of communications they exchanged with the health system to be automatically redirected to third parties in violation of their reasonable right to privacy, according to the suit.
Disclosing the information violates the state’s Wiretapping and Electronic Surveillance Control Act and physician-patient confidentiality, the suit alleges.
Plaintiff John Doe I was treated at Excela’s Latrobe Hospital and Westmoreland Hospital, and plaintiff John Doe II was treated at Frick, Latrobe and Westmoreland hospitals, according to the suit.
They claim that Excela encourages its patients to use the digital tools on its website to seek and receive health services. The homepage is designed for patient use, and its patient portal allows patients to make appointments, access medical records, view lab results and communicate with health care providers, according to the suit.
Although Excela promises to keep patient information private, it uses source code to disclose patients’ communications and protected health care information to third parties, including Facebook and Google, through automatic rerouting mechanisms on the website, the suit claims.
The third parties receive the information before the a full response from Excela appears on their patients’ computer screens, and while patients are communicating with Excela, the suit claims.
The information Excela sent to third parties includes the type of appointment the patient made, the date of the appointment and the doctor the patient was seeing, the suit claims.
In addition to allegedly violating the Wiretapping and Electronic Surveillance Control Act, Excela invaded the privacy of its patients, breached its duty of confidentiality and was unjustly enriched by disclosing the information, the suit claims.
