Source: The Markup
Reports suggest that a tracking tool installed on the websites of certain hospitals has been taking part in collection of sensitive health information of patients and sending it to Meta’s Facebook. Essentially, this data includes details about patient’s medical conditions, doctor’s appointments, along with prescriptions. After testing the websites of Newsweek’s top 100 hospitals in America, about 33 had the tracker ‘Meta Pixel.’
Reportedly, this tracker sends Facebook a set of information whenever an individual clicks the option to schedule an appointment with the doctor. This data is linked to an IP address, which creates an intimate receipt of the appointment request for the social media platform. For instance, on University Hospitals Cleveland Medical Center’s website, selecting the ‘schedule online’ option prompts Meta Pixel to send Facebook the details. The text of this button may contain the doctor’s name along with the search term one might use to find the doctor eg: ‘pregnancy termination.’
Additionally, many discovered Meta Pixel installed in portals which were password-protected of at least seven health systems. Five out of those showed pixel sending Facebook information about real patients volunteering to participate in the ‘Pixel Hunt project.’ The data hospitals received were that of patients’ names, medications, along with details of ailments and future appointments.
“I am deeply troubled by what [the hospitals] are doing with the capture of their data and the sharing of it,” said David Holtzman, a health privacy consultant.
Privacy advocates, health data security experts, along with former regulators stated that the concerned hospitals may have been in violation of the federal Health Insurance Portability and Accountability Act (HIPAA). This law mainly prohibits covered organisations such as hospitals from sharing such health information with third parties. Only exceptions lies in an individuals having given prior consent, under some contracts.
However, neither Meta nor the hospitals confirmed having such contracts in question, and there was no proof of either having otherwise gained the express consent of patients. University Hospitals Cleveland Medical Centre spokesperson George Stamatis gave a short statement. He noted how the hospital ‘comports’ with every necessary ‘federal and state laws and regulatory requirements.’
Following the report, Froedtert Hospital’s spokesperson confirmed that the hospital removed Meta Pixel from its websites. As of this Wednesday, six more removed it from their appointment booking pages, with five out of seven health systems removing it from their patient portals.
Moreover, the 33 hospitals reviewed while studying Meta Pixel, reported over 26 million patient admissions and visits in the year 2020, as shown in data available.
