The University of California San Diego Health notified an undisclosed number of patients that their data was inadvertently shared with third parties due to a vendor placing Pixel analytics tools on its patient-facing websites without UCSD Health’s authorization.
The third party, Solv Health, hosted and managed UC San Diego Health’s scheduling websites for UCSD’s Express Care and Urgent Care locations, which include:
- Downtown San Diego - 203 West F St.
- Encinitas - 1505 Encinitas Blvd.
- Eastlake/Chula Vista - 2295 Otay Lakes Road, Suite 110
- Pacific Highlands Ranch - 6030 Village Way, Suite 200
- Rancho Bernardo - 16950 Via Tazon
Patients who used the scheduling site between September 13 and December 22, 2022, to book appointments for in-person or virtual visits may have been subject to unauthorized data access, as the analytics tool potentially captured and transmitted information to Solv Health’s third-party service providers.
“It is important to note that these analytics tools never collected Social Security numbers, medical record numbers, financial account numbers, or debit/credit card information,” UC San Diego Health stated. “The scheduling websites were not part of UC San Diego Health’s electronic health records systems, MyUCSDChart, and no information within MyUCSDChart was impacted by Solv Health’s use of analytics tools.”
UCSD Health joins a long list of providers to report an unauthorized disclosure to third parties due to the use of Pixel-tracking tech, or marketing analytics tools. But it’s the first provider to notify due to a vendor’s error.
The health system worked with Solv Health, after discovering the incident, to identify individuals impacted and directed the company to remove analytics tools from the scheduling sites immediately.
The UCSD health system has since transitioned to a new online scheduling tool and enhanced its vendor assessment procedures.