Until recently, trackers were installed on the websites and portals of at least 33 US hospitals through which patient data was sent to Facebook. to write The Markup. The social media company received details about doctor’s appointments, allergies, and illnesses.
Themarkup press organization to examine The 100 best hospitals in the US compiled by Newsweek and found that 33 of those hospitals had a tracking pixel from Meta, the parent company of Facebook, installed on its website. According to The Markup, this pixel, the Meta Pixel, in some cases collected the name of the doctor the patient wanted to make an appointment with, as well as the medical search term the Internet user searched for on the hospital’s website. In other cases, the potential disease, which patients can indicate in the drop-down list, has also been sent to the Meta.
According to The Markup, tracking pixels have also been installed in seven online patient portals that can only be accessed using a username and password. In five of the seven cases, the names of the medications were sent, as well as a description of the allergic reactions and information about future doctor’s appointments. In total, these 33 hospitals sent more than 26 million registrations of patient admissions and outpatient visits to the Meta in 2020, according to The Markup.
According to privacy experts, these hospitals may have violated a US law called the Health Insurance Portability and Accountability Act. This law states that US hospitals may not share patient data with third parties if it is not anonymous. This is only allowed if the patient gives express and prior consent. According to The Markup, hospitals do not have such consents from patients.
At the time of writing, seven out of 33 hospitals have removed the Meta tracking pixel. The social media company stated in a response that it removes privacy-sensitive health data if it is incorrectly forwarded by Meta Business Tools users.