Hospital websites are sending medical information to Facebook - The Verge
Many hospital websites use a tracker called the Meta Pixel that sends information to Facebook. An investigation from The Markup found that the tracker is sending health information that might constitute a HIPAA violation.
Many hospital websites have a tracking tool that sends sensitive medical information to Facebook when people schedule appointments, according to an investigation by The Markup. Experts say that the hospitals using the tool may be violating the medical privacy law the Health Insurance Portability and Accountability Act, or HIPAA.
The Markup found that 33 of the top 100 hospitals in the United States were using a tracker called the Meta Pixel on their websites. Installing the Meta Pixel gives groups access to analytics about Facebook and Instagram ads but also tracks how people are using their websites: the buttons they click, the information they put in forms, and so on.
On hospital websites, that could include sensitive health information connected to a patient’s IP address. On one hospital website, clicking the scheduling button sent Facebook a doctor’s name and the condition — “Alzheimer’s” — that the appointment was scheduled for.
In seven health systems, the Meta Pixel was installed in patient portals, which require a login and include detailed health records. The Markup found that Facebook was getting information on one patient’s doctor’s name and appointment time and on another’s allergic reactions to specific medications.
Under HIPAA, hospitals aren’t allowed to share identifiable health information with third parties without patients’ consent. They can use and share anonymized data (and often do). But information linked to an IP address can classify data as identifiable health information, which has additional protections. “Even if perhaps there’s something in the legal architecture that permits this to be lawful, it’s totally outside the expectations of what patients think the health privacy laws are doing for them,” Glenn Cohen, faculty director of Harvard Law School’s Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics, told The Markup.