Facebook collects medical information from hospital websites

0

A tracker on about a third of hospital websites in the United States has sent private patient information to Facebook, based on an investigative report jointly released by STAT and The Markup.

The tracker, known as Meta Pixel, has been identified in online appointment calendaring features at 33 of Newsweek’s Top 100 U.S. hospitals; in 7 of these hospitals, the tracker was also linked to the hospital’s patient portal function. Most patient portals include details such as test results, medications, allergic reactions, and upcoming appointments.

Meta Pixel is a small piece of computer code that tracks users’ activities on a website, including the pages they select, the buttons they click, and the information they enter into online forms. Meta Pixel exists in more than 30% of websites overall, not just hospital ones, according to The Markup report.

In exchange for installing Meta Pixel, website owners gain access to analytics about their users, as well as tools to target ads on Facebook and Instagram to website users.

Markup researchers explained that the Meta Pixel routes personal information to Facebook through scripts running in your internet browser. Each packet of data, such as online appointment scheduling, is connected to an IP address tied to an individual or household, and Facebook receives an acknowledgment of the appointment request based on that IP address. .

The Markup report included data from an ongoing project involving patient accounts created by journalists and Mozilla Rally volunteers. In one example, when an individual clicked to complete the appointment booking on a doctor’s page at one of the hospitals, “the pixel sent Facebook not only the doctor’s name and their area of ​​medicine , but also the first name, last name, e-mail address, telephone number, postal code and city of residence that we entered in the booking form,” the authors reported.

“Additionally, if a patient is logged into Facebook when visiting a hospital website where a Meta Pixel is installed, some browsers attach third-party cookies – another tracking mechanism – that allow Meta to link the data pixel to specific Facebook accounts,” the authors wrote.

According to the authors, HIPAA includes IP addresses as one of its identifiers that can be considered protected health information, which cannot be shared by hospitals except under restricted commercial agreements.

Several hospitals, but not all of those contacted, responded to The Markup’s request for comment, as follows:

“The security of our patients’ health information is a top priority. None of our protected patient health information is disclosed through this pixel,” said Lauren Zakalik, director of public relations and media strategy at Henry Ford Hospital in Detroit, Michigan.

“As our further review of the matter is ongoing, we have chosen to remove the pixel for now to ensure that we are doing everything we can to protect the privacy of our patients while we evaluate,” said Stefanie Asin, Director of Communications and Public Relations. , and Creative Services, Houston Methodist Hospital, Houston, Texas.

“Use of this type of code has been verified and is referenced in the NM.org Terms and Conditions,” said Christopher King, director of media relations at Northwestern Memorial Hospital, Chicago, Illinois.

Notably, the Meta Pixel Terms of Service state that the pixel collects personal information for various purposes, according to The Markup’s reporting team.

The report was limited by including only 100 hospitals; “Data sharing likely affects many more patients and institutions than we have identified,” the authors wrote.

As part of the current report and ongoing investigation into medical data sharing, The Markup investigative team is conducting a crowdsourced project with Mozilla Rally to document how Meta Pixel sends patient data to Facebook. This project continues until mid-July.

The Markup authors had no financial disputes to disclose.

Markup/STAT. Published online June 16, 2022. Article

Heidi Splete is a freelance medical journalist with 20 years of experience.

For more news, follow Medscape on Facebook, TwitterInstagram, YouTube and LinkedIn

Share.

Comments are closed.