A Wisconsin healthcare system is facing a class action lawsuit for allegedly compromising patient privacy by sharing sensitive health information with third parties without consent. On February 18, 2026, Gretchen Franck filed a complaint in the United States District Court for the Western District of Wisconsin against Marshfield Clinic, Inc., accusing it of unlawfully using tracking technologies to disclose patients’ protected health information (PHI) and personally identifiable information (PII) to data brokers like Google.
The lawsuit alleges that Marshfield Clinic’s website used surveillance software to collect and transmit sensitive health data about patients and prospective patients to unauthorized third parties. This includes details about medical conditions, treatments, physicians, and billing information. Franck claims this was done without patient consent, violating federal laws such as the Health Insurance Portability and Accountability Act (HIPAA). The plaintiff argues that such actions erode trust in the healthcare system and deter individuals from seeking necessary medical treatment due to privacy concerns.
Franck’s complaint highlights how Marshfield Clinic’s actions have caused harm by invading medical privacy, causing emotional distress, and diminishing the value of their sensitive health information. The lawsuit seeks damages exceeding $5 million on behalf of a nationwide class of affected individuals. It also calls for injunctive relief to prevent further unauthorized disclosures. The case raises significant questions about the balance between digital marketing practices and patient privacy rights.
Representing Franck are attorneys from various law firms specializing in complex litigation cases. The case is presided over by judges in the Western District of Wisconsin under Case ID 3:26-cv-00125.
Source: 326cv00125_Franck_v_Marshfield_Clinic_Inc_Complaint_Western_District_Wisconsin.pdf
