Facebook may have access to the medical records of millions of unknowing Americans who never signed off on that arrangement, a report said.
The data, which is being collected by Meta Pixels in password-protected patient portals, included names of medications being taken, descriptions of allergic reactions, and upcoming doctor’s appointments, The Markup reported.
The federal Health Insurance Portability and Accountability Act (HIPAA) makes it illegal for hospitals to share personally identifiable health data with Facebook and others unless an individual has consented to it.
The Markup reported that it tested websites from Newsweek’s top 100 U.S. hospitals and found Facebook’s Meta Pixel was on 33 of the websites. The Meta Pixel sends Facebook information linked to an IP address, which identifies individual computers and may be traceable back to an individual or household.
The pixel tracks not only the IP address of the computer being used but also what doctors are searched for and search terms added to search boxes or selected from dropdown menus.
"By now, most people are aware that if they 'like' a certain page on Facebook, it gives the social media giant information about them," Dr. Joseph Mercola noted. " 'Like' a page about a particular disease, for instance, and marketers may begin to target you with related products and services."
But, Mercola added, "Facebook may be collecting sensitive health data in far more insidious ways as well, including tracking you when you’re on hospital websites and even when you’re in a personal, password-protected health information portal like MyChart."
By June 15, at least seven of the hospitals that The Markup contacted said they had removed pixels from their appointment booking pages, while at least five of the health systems with Meta Pixels on their patient portals had removed the pixels.
The Markup found that more than 26 million patient admissions and outpatient visits had been shared by the 33 hospitals using Meta Pixels, and that’s likely conservative.
The Markup reported: “Our investigation was limited to just over 100 hospitals; the data sharing likely affects many more patients and institutions than we identified.”
Any time you browse the Internet you’re likely to come across a Meta Pixel. They are found on more than 30% of the most popular websites.
The Markup's report noted examples of the tests it conducted to find out what data was being collected by the Facebook Meta Pixel:
“On the website of University Hospitals Cleveland Medical Center, clicking the 'Schedule Online' button on a doctor’s page prompted the Meta Pixel to send Facebook the text of the button, the doctor’s name, and the search term we used to find: 'pregnancy termination.' "
“Clicking the 'Schedule Online Now' button for a doctor on the website of Froedtert Hospital, in Wisconsin, prompted the Meta Pixel to send Facebook the text of the button, the doctor’s name, and the condition we selected from a dropdown menu: 'Alzheimer’s.' "
Novant Health, which removed the pixel after being contacted by The Markup, stated: “We appreciate you reaching out to us and sharing this information. Our Meta pixel placement is guided by a third party vendor and it has been removed while we continue to look into this matter.”
David Holtzman, a former senior privacy adviser in the U.S. Department of Health and Human Services’ Office for Civil Rights, told The Markup: “I am deeply troubled by what [the hospitals] are doing with the capture of their data and the sharing of it. I cannot say [sharing this data] is for certain a HIPAA violation. It is quite likely a HIPAA violation.”
Action . . . . Intelligence . . . . Publish