1 2 3 4 5 6 7 8 UNITED STATES DISTRICT COURT 9 SOUTHERN DISTRICT OF CALIFORNIA 10 11 AMY WRIGHT, individually and on Case No.: 3:25-cv-00786-JES-BLM behalf of others similarly situated, 12 ORDER GRANTING IN PART AND Plaintiff, 13 DENYING IN PART DEFENDANT’S v. MOTION TO DISMISS 14
TRUECARE PROPERTY HOLDINGS, 15 LLC, [ECF No. 26] 16 Defendant. 17 18 Before the Court is Defendant TrueCare Property Holdings, Inc.’s, (“Defendant’s”) 19 motion to dismiss Plaintiff Amy Wright’s (“Plaintiff’s”) First Amended Complaint. Mot. 20 (“Mot.”). For the reasons set forth below, the motion is GRANTED with leave to amend 21 as to Counts I, II, III, and V of Plaintiff’s complaint, and DENIED as to Count IV of 22 Plaintiff’s complaint. 23 I. BACKGROUND 24 Defendant operates truecare.org, a website that provides healthcare services and 25 information to people in San Diego and Riverside Counties. ECF No. 24 (“FAC”) ¶ 3. 26 This action arises from TrueCare’s use of the Meta Pixel on its website, a piece of 27 software created by Meta Platforms, Inc., that TrueCare embedded in its website. Id. ¶ 6. 28 1 Plaintiff alleges that the Meta Pixel intercepts users’ page visit information and associates 2 it with their Facebook identification number to generate data for personalized ads. Id. ¶ 26. 3 Plaintiff alleges that, because of the way TrueCare’s website is structured, the Meta Pixel 4 can associate someone’s searches about their healthcare with their profile and potentially 5 derive sensitive healthcare information from the intercepted data. Id. ¶ 30. 6 Plaintiff alleges that TrueCare and Meta Platforms, Inc., both have access to data 7 gathered by the Meta Pixel. Id. ¶ 26, 29. Plaintiff alleges that TrueCare knew of this data 8 interception and sharing when it installed the Meta Pixel on its website based upon the 9 Meta Pixel’s terms of service. Id. ¶ 50-56. Plaintiff states that TrueCare does not inform 10 users of or ask their consent for this use of their healthcare information. Id. ¶ 32. 11 Plaintiff alleges injuries arising from six visits to Defendant’s website. Id. ¶ 72. 12 Plaintiff downloaded a report of her tracked activity on the website, which show six events 13 titled as “search,” “contact,” or “page_view.” Id. ¶ 73. Plaintiff alleges that the pages she 14 visited constitute personal information that no third party, such as Meta, should access. Id. 15 ¶ 76. 16 II. LEGAL STANDARD 17 A motion to dismiss for failure to state a claim should be granted when the 18 allegations do not “state a claim to relief that is plausible on its face.” Aschroft v. Iqbal, 19 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). 20 “A claim has facial plausibility when the plaintiff pleads factual content that allows the 21 court to draw the reasonable inference that the defendant is liable for the misconduct 22 alleged.” Id. at 678 (citing Twombly, 550 U.S. at 556). “The plausibility standard ... asks 23 for more than a sheer possibility that a defendant has acted unlawfully.” Mashiri v. Epsten 24 Grinnell & Howell, 845 F.3d 984, 988 (9th Cir. 2017) (internal quotation marks omitted). 25 When evaluating the sufficiency of a complaint's factual allegations, the court must 26 accept as true all well-pleaded material facts alleged in the complaint and construe them in 27 the light most favorable to the non-moving party. Wilson v. Hewlett-Packard Co., 668 F.3d 28 1136, 1140 (9th Cir. 2012); see Daniels-Hall v. Nat'l Educ. Ass'n, 629 F.3d 992, 998 (9th 1 Cir. 2010). Allegations in a complaint “may not simply recite the elements of a cause of 2 action, but must contain sufficient allegations of underlying facts to give fair notice and to 3 enable the opposing party to defend itself effectively.” Starr v. Baca, 652 F.3d 1202, 1216 4 (9th Cir. 2011). While the court must draw all reasonable inferences from the factual 5 allegations in favor of the plaintiff, Newcal Indus. v. Ikon Off. Sol., 513 F.3d 1038, 1043 6 n.2 (9th Cir. 2008), the court need not credit legal conclusions that are couched as factual 7 allegations, Iqbal, 556 U.S. at 678-79. 8 III. DISCUSSION 9 A. Protected Health Information 10 Several of Plaintiff’s claims are based on a theory that Defendant’s use of the Meta 11 Pixel led to the improper disclosure of her protected health information (“PHI”) under the 12 Confidentiality of Medical Information Act (“CMIA”) and the Health Insurance Portability 13 and Accountability Act (“HIPAA”). FAC ¶¶ 2-5. Defendant argues that the FAC should 14 be dismissed in its entirety because Plaintiff fails to allege PHI. Mot. at 12. For the reasons 15 set forth below, the Court agrees that Plaintiff has not alleged PHI. 16 “HIPAA defines ‘protected health information’ as ‘individually identifiable’ 17 information that is ‘created or received by a health care provider’ (or similar entities) that 18 ‘[r]elates to the past, present, or future physical or mental health or condition of an 19 individual’ or the ‘provision of health care to an individual.” In re Meta Pixel Healthcare 20 Litigation, 647 F.Supp.3d 778, 792 (N.D. Cal. 2022) (quoting 45 C.F.R. § 160.103). Courts 21 in this district have found two main categories of PHI tracked by the Meta Pixel on 22 healthcare websites to be actionable: (1) information associating the user with private 23 patient portals, because the use of such portals shows patient status which is itself PHI (id.); 24 and (2) information associating the user with public webpages which reveals something 25 private about the user’s health, conditions, or care (see, e.g., Doe v. Tenet Healthcare 26 Corp., 789 F.Supp.3d 814, 837 (E.D. Cal. 2025) (finding that a plaintiff’s searches related 27 to pregnancy, childbirth, and her specific doctor constituted PHI); R.C. v. Walgreen Co., 28 733 F.Supp.3d 876, 886 (C.D. Cal. 2024) (finding that user-associated searches for 1 “sensitive healthcare products [] related to specific conditions” constituted PHI); Castillo 2 v. Costco Wholesale Corp., 2024 WL 4785136 (W.D. Wash 2024) at *4 (finding that user- 3 associated searches for specific prescriptions constituted PHI)). The use of public 4 webpages on a healthcare website alone is not PHI if the data tracked does not plausibly 5 reveal something about the “past, present, or future physical or mental health or condition 6 of an individual” or their care. Nienaber v. Overlake Hospital Medical Center, 733 7 F.Supp.3d 1072, 1082 (W.D. Wash. 2024). Thus, to allege PHI based on the use of a public 8 webpage, a plaintiff must allege not only that they accessed a public webpage but also that 9 their “interactions plausibly relate to the provision of healthcare, or [that] the information 10 connects a particular user to a particular healthcare provider.” Id. at 1081-82. Conclusory 11 or hypothetical explanations of how the Meta Pixel could track sensitive information on a 12 healthcare website, without factual allegations plausibly showing that Plaintiff’s own 13 actionable PHI was tracked, are insufficient to survive a motion to dismiss where PHI is 14 required. Cousin v. Sharp Healthcare, 681 F.Supp.3d 1117, 1123 (S.D. Cal. 2023).
Free access — add to your briefcase to read the full text and ask questions with AI
1 2 3 4 5 6 7 8 UNITED STATES DISTRICT COURT 9 SOUTHERN DISTRICT OF CALIFORNIA 10 11 AMY WRIGHT, individually and on Case No.: 3:25-cv-00786-JES-BLM behalf of others similarly situated, 12 ORDER GRANTING IN PART AND Plaintiff, 13 DENYING IN PART DEFENDANT’S v. MOTION TO DISMISS 14
TRUECARE PROPERTY HOLDINGS, 15 LLC, [ECF No. 26] 16 Defendant. 17 18 Before the Court is Defendant TrueCare Property Holdings, Inc.’s, (“Defendant’s”) 19 motion to dismiss Plaintiff Amy Wright’s (“Plaintiff’s”) First Amended Complaint. Mot. 20 (“Mot.”). For the reasons set forth below, the motion is GRANTED with leave to amend 21 as to Counts I, II, III, and V of Plaintiff’s complaint, and DENIED as to Count IV of 22 Plaintiff’s complaint. 23 I. BACKGROUND 24 Defendant operates truecare.org, a website that provides healthcare services and 25 information to people in San Diego and Riverside Counties. ECF No. 24 (“FAC”) ¶ 3. 26 This action arises from TrueCare’s use of the Meta Pixel on its website, a piece of 27 software created by Meta Platforms, Inc., that TrueCare embedded in its website. Id. ¶ 6. 28 1 Plaintiff alleges that the Meta Pixel intercepts users’ page visit information and associates 2 it with their Facebook identification number to generate data for personalized ads. Id. ¶ 26. 3 Plaintiff alleges that, because of the way TrueCare’s website is structured, the Meta Pixel 4 can associate someone’s searches about their healthcare with their profile and potentially 5 derive sensitive healthcare information from the intercepted data. Id. ¶ 30. 6 Plaintiff alleges that TrueCare and Meta Platforms, Inc., both have access to data 7 gathered by the Meta Pixel. Id. ¶ 26, 29. Plaintiff alleges that TrueCare knew of this data 8 interception and sharing when it installed the Meta Pixel on its website based upon the 9 Meta Pixel’s terms of service. Id. ¶ 50-56. Plaintiff states that TrueCare does not inform 10 users of or ask their consent for this use of their healthcare information. Id. ¶ 32. 11 Plaintiff alleges injuries arising from six visits to Defendant’s website. Id. ¶ 72. 12 Plaintiff downloaded a report of her tracked activity on the website, which show six events 13 titled as “search,” “contact,” or “page_view.” Id. ¶ 73. Plaintiff alleges that the pages she 14 visited constitute personal information that no third party, such as Meta, should access. Id. 15 ¶ 76. 16 II. LEGAL STANDARD 17 A motion to dismiss for failure to state a claim should be granted when the 18 allegations do not “state a claim to relief that is plausible on its face.” Aschroft v. Iqbal, 19 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). 20 “A claim has facial plausibility when the plaintiff pleads factual content that allows the 21 court to draw the reasonable inference that the defendant is liable for the misconduct 22 alleged.” Id. at 678 (citing Twombly, 550 U.S. at 556). “The plausibility standard ... asks 23 for more than a sheer possibility that a defendant has acted unlawfully.” Mashiri v. Epsten 24 Grinnell & Howell, 845 F.3d 984, 988 (9th Cir. 2017) (internal quotation marks omitted). 25 When evaluating the sufficiency of a complaint's factual allegations, the court must 26 accept as true all well-pleaded material facts alleged in the complaint and construe them in 27 the light most favorable to the non-moving party. Wilson v. Hewlett-Packard Co., 668 F.3d 28 1136, 1140 (9th Cir. 2012); see Daniels-Hall v. Nat'l Educ. Ass'n, 629 F.3d 992, 998 (9th 1 Cir. 2010). Allegations in a complaint “may not simply recite the elements of a cause of 2 action, but must contain sufficient allegations of underlying facts to give fair notice and to 3 enable the opposing party to defend itself effectively.” Starr v. Baca, 652 F.3d 1202, 1216 4 (9th Cir. 2011). While the court must draw all reasonable inferences from the factual 5 allegations in favor of the plaintiff, Newcal Indus. v. Ikon Off. Sol., 513 F.3d 1038, 1043 6 n.2 (9th Cir. 2008), the court need not credit legal conclusions that are couched as factual 7 allegations, Iqbal, 556 U.S. at 678-79. 8 III. DISCUSSION 9 A. Protected Health Information 10 Several of Plaintiff’s claims are based on a theory that Defendant’s use of the Meta 11 Pixel led to the improper disclosure of her protected health information (“PHI”) under the 12 Confidentiality of Medical Information Act (“CMIA”) and the Health Insurance Portability 13 and Accountability Act (“HIPAA”). FAC ¶¶ 2-5. Defendant argues that the FAC should 14 be dismissed in its entirety because Plaintiff fails to allege PHI. Mot. at 12. For the reasons 15 set forth below, the Court agrees that Plaintiff has not alleged PHI. 16 “HIPAA defines ‘protected health information’ as ‘individually identifiable’ 17 information that is ‘created or received by a health care provider’ (or similar entities) that 18 ‘[r]elates to the past, present, or future physical or mental health or condition of an 19 individual’ or the ‘provision of health care to an individual.” In re Meta Pixel Healthcare 20 Litigation, 647 F.Supp.3d 778, 792 (N.D. Cal. 2022) (quoting 45 C.F.R. § 160.103). Courts 21 in this district have found two main categories of PHI tracked by the Meta Pixel on 22 healthcare websites to be actionable: (1) information associating the user with private 23 patient portals, because the use of such portals shows patient status which is itself PHI (id.); 24 and (2) information associating the user with public webpages which reveals something 25 private about the user’s health, conditions, or care (see, e.g., Doe v. Tenet Healthcare 26 Corp., 789 F.Supp.3d 814, 837 (E.D. Cal. 2025) (finding that a plaintiff’s searches related 27 to pregnancy, childbirth, and her specific doctor constituted PHI); R.C. v. Walgreen Co., 28 733 F.Supp.3d 876, 886 (C.D. Cal. 2024) (finding that user-associated searches for 1 “sensitive healthcare products [] related to specific conditions” constituted PHI); Castillo 2 v. Costco Wholesale Corp., 2024 WL 4785136 (W.D. Wash 2024) at *4 (finding that user- 3 associated searches for specific prescriptions constituted PHI)). The use of public 4 webpages on a healthcare website alone is not PHI if the data tracked does not plausibly 5 reveal something about the “past, present, or future physical or mental health or condition 6 of an individual” or their care. Nienaber v. Overlake Hospital Medical Center, 733 7 F.Supp.3d 1072, 1082 (W.D. Wash. 2024). Thus, to allege PHI based on the use of a public 8 webpage, a plaintiff must allege not only that they accessed a public webpage but also that 9 their “interactions plausibly relate to the provision of healthcare, or [that] the information 10 connects a particular user to a particular healthcare provider.” Id. at 1081-82. Conclusory 11 or hypothetical explanations of how the Meta Pixel could track sensitive information on a 12 healthcare website, without factual allegations plausibly showing that Plaintiff’s own 13 actionable PHI was tracked, are insufficient to survive a motion to dismiss where PHI is 14 required. Cousin v. Sharp Healthcare, 681 F.Supp.3d 1117, 1123 (S.D. Cal. 2023). 15 Here, Plaintiff states that she visited Defendant’s website on or about February 14, 16 2023, September 8, 2023, September 12, 2023, October 18, 2023, November 1, 2023, and 17 January 9, 2024. FAC ¶ 72. She alleges that on October 18, 2023, November 1, 2023, and 18 January 9, 2024, the Meta Pixel tracked her search terms entered on the website. Id. 19 Plaintiff attached a screenshot of her downloaded browsing data tracked by Meta on 20 Defendant’s website, which shows 6 tracked events categorized as searches, contacts, or 21 page views (id. ¶ 73) but do not reveal on their face any information about the searches, 22 contacts, or pages themselves. Plaintiff states that she values her privacy when web 23 browsing, especially regarding her health, and that the pages she visited constituted 24 personal information of a private and confidential nature. Id. ¶ 74. The mere fact that 25 Plaintiff used Defendant’s website does not constitute PHI because it does not necessarily 26 reveal any information related to her healthcare, conditions, or patient status. See Nienaber, 27 733 F.Supp.3d at 1082. Plaintiff’s statement that the pages she visited constitute personal 28 information and are private and confidential in nature are conclusory and insufficient to 1 survive a motion to dismiss where PHI is required. See Cousin, 681 F.Supp.3d 1117 at 2 1123. Thus, Plaintiff has failed to adequately allege PHI, and her claims which require PHI 3 are subject to dismissal. 4 B. Counts I and II: ECPA and CIPA 5 Defendant argues that the first and seconds counts of Plaintiff’s FAC should be 6 dismissed because (1) they fail to identify the contents of her intercepted communications 7 and (2) the party-exception rule applies. Mot. at 18-21. The Court agrees. 8 Plaintiff’s first cause of action for violation of the Electronic Communications 9 Privacy Act (“ECPA”) requires that Defendant used a device to intentionally intercept the 10 contents of her electronic communications. 18 U.S.C. § 2511(1). Her second cause of 11 action for violation of the California Invasion of Privacy Act (“CIPA”) requires an 12 allegation that Defendant in some way assisted a third party in reading or learning the 13 contents of a message she transmitted, mirroring the “contents of communication” standard 14 of ECPA. Cal. Penal Code § 631(a). Both statutes require a plaintiff to plausibly allege that 15 the defendant intercepted the contents of communication, not just record or identifying 16 information like webpage addresses and Facebook IDs. In re Zynga Privacy Litigation, 750 17 F.3d 1098, 1107 (9th Cir. 2014) (holding that allegations that defendants intercepted 18 plaintiff’s Facebook ID information and the webpages of addresses they accessed 19 insufficient to allege “contents of any communication” under ECPA); Heiting v. Taro 20 Pharmaceuticals USA, Inc., 709 F.Supp.3d 1007, 1018 (C.D. Cal. 2023) (relying on the 21 Ninth Circuit’s reasoning in In re Zynga to find that CIPA requires a showing of the 22 contents of protected communication, not just record communication or identifiable 23 information). 24 For both claims, under the party-exception rule, an intended party to a 25 communication is exempt from liability unless the plaintiff shows that they conducted the 26 interception with criminal and/or tortious intent. Walgreen Co., 733 F.Supp.3d at 901; In 27 re Facebook, Inc., Internet Tracking Litig., 956 F.3d 589, 607 (9th Cir. 2020) (“Courts 28 perform the same analysis for both the Wiretap Act and CIPA regarding the party 1 exemption.”). Thus, to show that an intended recipient is subject to ECPA or CIPA liability 2 for intercepting a communication, “a plaintiff must plead sufficient facts to support an 3 inference that the offender intercepted the communication for the purpose of a tortious or 4 criminal act that is independent of the intentional act of recording or interception itself.” 5 B.K. v. Eisenhower Medical Center, 721 F.Supp.3d 1056, 1065 (C.D. Cal. 2024). In mass 6 data-privacy actions, the independent tortious or criminal act requirement may be met by 7 a plaintiff plausibly alleging the violation of a state law, such as a state privacy law. 8 Walgreen Co., 733 F.Supp.3d at 901. 9 Here, Plaintiff alleges that her interactions with Defendant’s website and online 10 communications with Defendant constitute electronic communications under the meaning 11 of the statute. FAC ¶ 96. However, as explained above, Plaintiff’s only non-conclusory 12 allegations regarding her interactions with the website state that she visited the website six 13 times, that three of those visits were tracked by the Meta Pixel, and that on those visits the 14 Meta Pixel tracked six events categorized as searches, contacts, or page views Id. ¶ 72-74. 15 Plaintiff’s allegation that she accessed Defendant’s website is mere record information, and 16 her allegation that her Facebook ID was associated with her visits is mere identifying 17 information. See In re Zynga Privacy Litigation, 750 F.3d at 1107. Neither type of 18 allegation is sufficient to plausibly allege that Defendant impermissibly intercepted the 19 “contents of communication” as required to state a claim under ECPA or CIPA. See id. 20 Thus, Defendant’s motion to dismiss Counts I and II is GRANTED on the basis that 21 Plaintiff failed to plausibly allege facts showing that Defendant intercepted the contents of 22 a communication. 23 Regarding the party-exception rule, Plaintiff states that the communications at issue 24 were intercepted for purposes of violating laws “including, but not limited to,” fourteen 25 different state and federal statutes. FAC ¶ 100. However, as explained below, Plaintiff has 26 not stated a claim for any of the listed statutes other than Cal. Penal Code Section 638.51, 27 Use of a Pen Register or Trap and Trace Device, which contains elements that contradict 28 the elements of a CIPA or ECPA violation. See Cal. Penal Code § 638.51 (prohibiting the 1 use of a “device or process” capable of recording “dialing, routing, addressing, or signaling 2 information […] but not the contents of a communication” from a “wire or electronic 3 communication” without a court order). Based on Plaintiff’s representations regarding her 4 ability to amend the complaint at the hearing on this motion, the Court finds it appropriate 5 to defer ruling on the party-exception rule at this time. 6 C. Count III: Invasion of Privacy Under California’s Constitution 7 Defendant argues that Plaintiff’s third claim for invasion of privacy under the 8 California Constitution (Cal. Const. art. 1 § 1) should be dismissed for lack of allegations 9 of highly offensive conduct. Mot. at 23-24. The Court agrees. 10 To state a claim for invasion of privacy, “Plaintiffs must show that (1) they possess 11 a legally protected privacy interest, (2) they maintain a reasonable expectation of privacy, 12 and (3) the intrusion is so serious … as to constitute an egregious breach of social norms 13 such that the breach is highly offensive.” In re Facebook, 956 F.3d at 601 (internal 14 quotations omitted). To satisfy the third element, plaintiffs must allege specific private 15 information upon which a defendant intruded, such that a court can analyze whether the 16 sharing of that information plausibly constituted an egregious breach of social norms. Jones 17 v. Tonal Systems, Inc., 751 F.Supp.3d 1025, 1043 (S.D. Cal. 2024) (holding “conclusory 18 allegations” lacking “requisite specificity” with “only sparing references to the nature of 19 the communications” insufficient to state a claim for invasion of privacy under the 20 California Constitution); see also In re Yahoo Mail Litig., 7 F.Supp.3d 1016, 1040 (N.D. 21 Cal. 2014) (“To the extent Plaintiffs claim a legally protected privacy interest and 22 reasonable expectation of privacy in email generally based on the mere fact that Yahoo 23 intercepted and distributed their emails, regardless of the specific content in the emails, 24 Plaintiffs’ claim fails as a matter of law.”). 25 Here, Plaintiff alleges that “Sensitive and confidential information that Plaintiff and 26 Class Members intended to keep private has been compromised, undermining the 27 fundamental confidentiality of the relationship.” FAC ¶ 126. However, as explained above, 28 Plaintiff’s factual allegations show only that she used Defendant’s website, but not how 1 she used it or what her visits revealed about her healthcare information. See id. ¶ 72-74. 2 Because Plaintiff has not alleged specific private information, the Court cannot analyze 3 whether the alleged intrusion upon that information is so egregious as to constitute a breach 4 of social norms. See Jones, 751 F.Supp.3d at 1043. Thus, the Court GRANTS Defendant’s 5 motion to dismiss Count III of the FAC on the grounds that Plaintiff has not alleged a 6 serious intrusion upon privacy. 7 D. Count IV: Use of a Pen Register or Trap and Trace Device 8 Defendant argues that Plaintiff’s fourth claim for use of a pen register or trap and 9 trace device should be dismissed on the grounds that Plaintiff has failed to allege sufficient 10 facts to state a claim under the statute. Mot. at 2. The Court disagrees, finding that Plaintiff 11 has plausibly alleged all elements of that cause of action. 12 To state a claim for improper use of a pen register or trap and trace device, a plaintiff 13 must allege that a defendant used a “device or process” capable of recording “dialing, 14 routing, addressing, or signaling information […] but not the contents of a communication” 15 from a “wire or electronic communication” without a court order. Cal. Penal Code 16 § 638.50-51. Data capable of being associated with a user’s identity falls within the 17 statutory definition of addressing information. Shah v. Fandom, Inc., 754 F.Supp.3d 924, 18 929 (N.D. Cal 2024) (finding that plaintiff stated a claim for violation of Cal. Penal Code 19 § 638.51 by alleging a website used software that tracked her internet protocol (“IP”) 20 address). The Meta Pixel software meets the statutory definition of a pen register or trap 21 and trace device because it is “software that identifies consumers, gathers data, and 22 correlates that data through unique ‘fingerprinting.’” Zarif v. Hwareh.com, Inc., 789 23 F.Supp.3d 880, 898 (S.D. Cal. 2025) (quoting Greenley v. Kochava, Inc., 684 F.Supp.3d 24 1024, 1050 (S.D. Cal 2025); see also Moody v. C2 Educational Systems Inc., 742 25 F.Supp.3d 1072, 1077 (C.D. Cal. 2024) (finding that software that tracked browser and 26 device data and form data met the definition of a pen register or trap and trace device). 27 Thus, a plaintiff may state a claim for violation of § 638.51 by alleging that a defendant 28 1 used the Meta Pixel on their site and that the Meta Pixel tracked record or identifying 2 information regarding their use of the site. See id. 3 Here, Plaintiff alleges that Defendant installed the Meta Pixel on their website and 4 that it tracked information related to her visit to the site and her Facebook ID. FAC ¶ 72- 5 74. These allegations are sufficient to state a claim for Use of a Pen Register or Trap and 6 Trace Device because they plausibly show that Defendant used a device to record or 7 capture addressing information without a court order. See Zarif, 789 F.Supp.3d at 898. 8 Defendant does not raise any other grounds for dismissal regarding Count IV of Plaintiffs 9 complaint. See generally Mot. Thus, the motion to dismiss Count IV is DENIED. 10 E. Count V: Violation of California’s Confidentiality of Medical Information Act 11 Defendant argues that Plaintiff’s fifth cause of action under the California 12 Confidentiality of Medical Information Act (“CMIA”) should be dismissed because 13 Plaintiff has not alleged sufficient facts to show private medical information. Mot. at 25. 14 The Court agrees. 15 The CMIA defines actionable medical information as information “regarding a 16 patient’s medical history, mental health application information, reproductive or sexual 17 health application information, mental or physical condition, or treatment.” Cal. Civ. Code 18 § 56.05(1). The CMIA’s definition of protected information “does not encompass 19 demographic or numeric information that does not reveal medical history, diagnosis, or 20 care.” Eisenhower Med. Ctr. v. Superior Ct., 226 Cal. App. 4th 430, 435 (2014). 21 Here, as explained above, Plaintiff alleges only that she visited Defendant’s website 22 and that those visits constitute protected medical information. FAC ¶ 72-74. However, 23 Plaintiff does not allege what actionable medical information her visits revealed. See Cal. 24 Civ. Code § 56.05(1). Without allegations of any specific information that could reveal 25 medical history, diagnosis, care, or patient status, the Court cannot find that Plaintiff has 26 plausibly stated a claim under the CMIA. See Eisenhower Med. Ctr., 226 Cal. App. 4th at 27 435. Thus, the Court GRANTS Defendant’s motion to dismiss Count V of the FAC. 28 // l IV. CONCLUSION 2 For the foregoing reasons, Defendant’s motion to dismiss is GRANTED as to 3 ||Counts I, HU, UI, and V and DENIED as to Count IV. At the hearing on this motion, 4 || Plaintiff's counsel stated that Plaintiff could readily remedy the issues with Counts I, II, 5 || I, and V given leave to amend. The Court thus GRANTS leave to amend, finding that it 6 || would not be futile. The Court does not reach the remainder of Defendant’s arguments for 7 || dismissal or the motion to strike the CMIA class allegations today, finding it appropriate 8 ||to address those arguments after Plaintiff has alleged an actionable factual basis for her 9 || privacy-related claims. 10 IT IS SO ORDERED. 11 12 Dated: November 21, 2025 7 Se 4. 13 Honorable James E. Sunmons Jr. 14 United States District Judge 15 16 17 18 19 20 21 22 23 24 25 26 27 28