Dive Brief:
- A plaintiff has accused Medtronic of sharing user data for its InPen diabetes management system with companies including Google.
- The lawsuit alleges that Medtronic’s MiniMed business used digital platforms to acquire “a treasure trove of personal data” and shared the information with third parties to increase revenue and profits.
- According to the plaintiff in the proposed class action lawsuit, the disclosures to Google are “particularly problematic” because his use of Gmail meant his personal information was “automatically linked to his real identity.”
Dive Insight:
The case centers on the app that accompanies Medtronic’s smart insulin pen. Medtronic created the app to help patients record their insulin doses, receive reminders and share data with their healthcare team. The use of the data is covered by Medtronic’s notice of privacy practices. According to the lawsuit, the company has used the data in ways that are beyond the terms covered in the notice.
“Despite its unquestionable obligation to protect the confidentiality and security of Patients’ Private Information, MiniMed made the conscious decision to use Tracking Tools on its Digital Platforms to acquire very sensitive, personal information and data about Plaintiff’s and Class Members’ medical conditions and communications, which was disseminated to third parties, including Google, for marketing and analytics purposes and, ultimately, to increase revenue and profits,” the lawsuit states.
That section of the lawsuit cites a Medtronic case study about ways data and insights can improve care and costs across health systems. The case study discusses how “gathering insights through connected technologies” has a clear payoff and has spurred Medtronic’s “investment in technology to gather and process data.”
The lawsuit also quotes a notice that Medtronic published earlier this year. According to the lawsuit, the notice stated that Medtronic had determined that tracking and authentication technologies “disclose certain details about a user’s actions within the InPen App; particularly for users that are logged into their Google accounts at the same time as the InPen App and have shared their identity or other online activity with Google.” Medtronic launched an internal investigation in response to the discovery.
A spokesperson for Medtronic wrote in an emailed statement that the company has not yet been served with a summons, and will review the complaint.
“We have strong processes, technologies, and people in place to safeguard and protect our information and systems, the information of our business partners, and most importantly, the privacy and safety of the patients and healthcare providers that use our products,” the spokesperson wrote.
According to the lawsuit, Medtronic’s use of tracking tools violates HIPAA and industry standards and “enriched” the company. The plaintiff is seeking relief and damages from Medtronic.