This article is copublished with STAT. Read on our collaborator's site Meta is facing mounting questions about its access to sensitive medical data that found the company’s pixel tracking tool collecting details about patients’ doctor’s appointments, prescriptions, and health conditions on hospital websites. following a Markup investigation During a Senate Homeland Security and Governmental Affairs Committee , Sen. Jon Ossoff (D-GA) requested that Meta—the parent company of Facebook and Instagram—provide a “comprehensive and precise” accounting of the medical information it keeps on users. hearing on Wednesday “There’s been substantial public reporting, controversy, and concern about the Meta Pixel product and the possibility that its deployment on various hospital systems’ websites, for example, has enabled Meta to collect private health care data,” Ossoff said. “We need to understand, as the U.S. Congress, whether or not Meta is collecting, has collected, has access to, or is storing, medical or health data for U.S. persons,” he added. In response to Ossoff’s question about whether Meta has medical or health care data about its users, Meta chief product officer Chris Cox responded, “Not to my knowledge.” Cox also promised to follow up with a written response to the committee. In June, The Markup that Meta Pixels on the websites of 33 of Newsweek’s top 100 hospitals in America were transmitting the details of patients’ doctor’s appointments to Meta when patients booked on the websites. reported We also found Meta Pixels inside the password-protected patient portals of seven health systems collecting data about patients’ prescriptions, sexual orientation, and health conditions. Former regulators told The Markup that the hospitals’ use of the pixel may have violated the Health Information Portability and Accountability Act (HIPAA) prohibitions against sharing protected health information. “Advertisers should not send sensitive information about people through our Business Tools,” Meta spokesperson Dale Hogan wrote to The Markup in an emailed statement. “Doing so is against our policies and we educate advertisers on properly setting up Business tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect.” Since The Markup’s Investigation: As of Sept. 15, 28 of the 33 hospitals have removed the Meta Pixel from their doctor booking pages or blocked it from sending patient information to Facebook. At least six of the seven health systems had also removed the pixels from their patient portals. The Markup reached out to the institutions who removed the pixel from their websites after our investigation published in June. As of press time, three institutions—Sanford Health, El Camino Health, and Henry Ford Health—had responded. Read their statements . here One health system, North Carolina–based Novant Health, mailed data breach notifications to following The Markup’s report. In the breach notification, Novant Health stated the pixel was added as part of a promotional campaign to encourage use of Novant’s MyChart patient portal, but “the pixel was configured incorrectly and may have allowed certain private information to be transmitted to Meta.” On Sept. 16, Novant amended its data breach notification post to state that Meta informed the provider that it “generally” filtered out patients’ sensitive medical information and that it did “not have information to return or destroy.” 1.3 million customers The North Carolina attorney general’s office the hospitals’ data sharing after calls from state lawmakers for a probe. stated it was “actively investigating” At least five class action lawsuits have been filed against Meta contending that the pixel’s data collection on hospital websites broke various state and federal laws. One, on behalf of a Baltimore-based MedStar Health System patient, claims that Meta Pixels collected patient information from at least 664 different hospitals’ websites. The other lawsuits were brought on behalf of patients of and hospitals in , , and . filed against the company Novant Health San Francisco Los Angeles Chicago “We Do Not Have an Adequate Level of Control” Meanwhile, developments in another legal case suggest Meta may have a hard time providing the Senate committee with a complete account of the sensitive health data it holds on users. In March, two Meta employees testifying in a case about the Cambridge Analytica scandal told the U.S. District Court for the Northern District of California that it would be very difficult for the company to track down all the data associated with a single user account. “It would take multiple teams on the ad side to track down exactly the—where the data flows,” one Facebook engineer said, according to the , which was first reported by . “I would be surprised if there’s even a single person that can answer that narrow question conclusively.” transcript The Intercept The engineers’ comments echo the same worries expressed in a 2021 privacy memo written by Facebook engineers that was . leaked to Vice “We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose,’ ” the memo’s authors wrote. . This article was copublished with STAT, a national publication that delivers trusted and authoritative journalism about health, medicine, and the life sciences. Sign up for its health tech newsletter, delivered Tuesday and Thursday mornings, here: https://www.statnews.com/signup/health-tech/ Credits: and Todd Feathers Simon Fondrie-Teitler First published here Photo by on Colin Lloyd Unsplash

The Markup Wins Award for Their Investigations Into Amazon

How Dangerous Is It to Be Gig Worker?

Every dollar you donate helps support The Markup’s work.

Read My Stories

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

Hospitals Remove Facebook Tracker but Questions Still Remain

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

How to Use Sound and AI to Protect the Environment

The Noonification: How Often Do NFTs Pass The Howey Test? (1/13/2023)

03/09/2018: Biggest Stories in the Cryptosphere

The Noonification: Immigrant Teens Are Working Dangerous Night Shifts in Factories (11/21/2022)

The Noonification: How to Implement a Merkle Tree in Solidity (11/12/2023)

How to Use Sound and AI to Protect the Environment

The Noonification: How Often Do NFTs Pass The Howey Test? (1/13/2023)

03/09/2018: Biggest Stories in the Cryptosphere

The Noonification: Immigrant Teens Are Working Dangerous Night Shifts in Factories (11/21/2022)

The Noonification: How to Implement a Merkle Tree in Solidity (11/12/2023)

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps