An alarming number of hospital websites use a tracking tool to collect and send private patient data to Facebook. According to an investigation by The Markup, 33 out of 100 hospitals use the Meta Pixel tracker to collect information on prescriptions, medical history, appointments, and other personal details.
The Markup, a nonprofit newsroom, discovered that a third of the investigated US hospitals send a packet of data to Facebook whenever someone makes an online appointment. Even more alarming is that a few hospitals also implemented the Meta Pixel tracker inside the online patient portals that are protected by unique passwords.
Meta Pixel is known for logging data, but how far does it go? It goes as far as potentially breaking the Health Insurance Portability and Accountability Act.
What Is Meta Pixel?
Meta Pixel is a tracker that logs what you do on certain websites. It registers the pages you visit, the buttons you click on, what you type into the forms, and much more. It sounds scary when you think about it, but it might surprise you to know that many websites use it. Meta Pixel is mostly a marketing tool, so Facebook probably already collected some data from you even if you never visited one of the hospital websites in question.
Meta Pixel can identify you through your IP address. Then, it gathers information on your browsing habits and online actions to feed the advertising giants Facebook and Instagram, both owned by Meta. In exchange for installing this tracker, the website owners get analytics that help them improve their ad placements and target whoever visited their sites.
On top of that, if you’re logged into your Facebook account while browsing one of these websites, most browsers will install tracking cookies to link the data from the Meta Pixel to your Facebook account. Tracking cookies make it even easier for Facebook to identify you and learn a lot of personal details about you.
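Because the tracker described above is embedded as a snippet in a page's HTML, a site owner can check saved pages for it offline. The following is an added example, not code from The Markup, Meta, or any hospital: it scans page HTML for the Meta Pixel's loader script, `fbq()` calls, and `facebook.com/tr` beacon, and rates hits on appointment or portal paths as high. The host name, pixel ID, and path hints are constructed assumptions.

```javascript
// Added example: offline audit of page HTML for Meta Pixel markers.
// Patterns match the pieces of Meta's standard pixel embed snippet.
const PIXEL_MARKERS = [
  { name: "loader-script", re: /connect\.facebook\.net\/[^"'\s]*fbevents\.js/i },
  { name: "fbq-call", re: /\bfbq\s*\(\s*["'](?:init|track|trackCustom)["']/ },
  { name: "noscript-beacon", re: /facebook\.com\/tr\/?\?[^"'\s>]*\bid=\d+/i },
];
// Assumption: URL path hints for pages that handle patient data.
const SENSITIVE_PATH = /appointment|portal|prescription/i;

// Drop HTML comments so a commented-out snippet is not reported as live.
function stripComments(html) {
  return html.replace(/<!--[\s\S]*?-->/g, "");
}

// Pixel IDs appear in fbq('init', '<id>') and in the beacon's id= parameter.
function extractPixelIds(html) {
  const ids = new Set();
  const re = /fbq\s*\(\s*["']init["']\s*,\s*["'](\d+)["']|facebook\.com\/tr\/?\?[^"'\s>]*\bid=(\d+)/gi;
  for (const m of stripComments(html).matchAll(re)) ids.add(m[1] || m[2]);
  return [...ids].sort();
}

// Rate each page: "high" on a sensitive path, "review" elsewhere.
function auditPages(pages) {
  const findings = [];
  for (const { url, html } of pages) {
    const live = stripComments(html);
    const markers = PIXEL_MARKERS.filter((m) => m.re.test(live)).map((m) => m.name);
    if (markers.length === 0) continue;
    const sensitive = SENSITIVE_PATH.test(new URL(url).pathname);
    findings.push({ url, severity: sensitive ? "high" : "review", markers, pixelIds: extractPixelIds(html) });
  }
  return findings;
}

// Constructed sample pages (hypothetical host and pixel ID).
const SNIPPET = `<script>!function(f,b,e,v){/*...*/}(window,document,'script',
'https://connect.facebook.net/en_US/fbevents.js');
fbq('init', '1234567890'); fbq('track', 'PageView');</script>`;
const SAMPLE_PAGES = [
  { url: "https://hospital.example/appointments/new", html: `<html><head>${SNIPPET}</head></html>` },
  { url: "https://hospital.example/about", html: `<noscript><img src="https://www.facebook.com/tr?id=1234567890&ev=PageView&noscript=1"/></noscript>` },
  { url: "https://hospital.example/portal/login", html: `<html><!-- ${SNIPPET} --><body>Login</body></html>` },
  { url: "https://hospital.example/contact", html: "<html><body>Call us</body></html>" },
];

for (const f of auditPages(SAMPLE_PAGES)) console.log(f.severity, f.url, f.markers.join(","), f.pixelIds.join(","));
```

A static scan like this only sees markup present in the saved HTML; a pixel injected at runtime by a tag manager would need a check on the page's outgoing requests instead.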
Meta Pixel Collects Private Health Information
The Markup revealed in their report that Meta Pixel collects private information that is supposed to be password-protected and, therefore, private. The tracker logs the name of the doctor, the medical reason for the appointment, descriptions of symptoms and allergic reactions, and even details about the medication. Neither Meta nor the hospitals have asked for explicit permission to share such data.
The patient who visits the website isn’t the only target. The Meta Pixel tracker also collects the doctor’s information through the online appointment process. In other words, Facebook will get data on your doctor, including their name, phone number, medical specialization, and email address.
Glenn Cohen, the faculty director of Harvard Law School’s Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics, says that:
“Almost any patient would be shocked to find out that Facebook is providing an easy way to associate their prescriptions with their name.”
Is this even legal? Many patients, if not most of them, don’t even know that Facebook has easy access to their prescriptions and medical data. Can hospital websites simply send information to Meta without your consent? It’s a tricky question that doesn’t have a simple answer.
Possible Legal Repercussions
Most health information falls under protected data regulations. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) lists 18 personal identifiers that are protected health information if used in relation to your healthcare. Basically, hospitals aren’t allowed to share your name, address, social security number, phone number, and other personal identifiers with third parties like Facebook. But some of them do it anyway by using the Meta Pixel tracker.
Iliana Peters, a privacy lawyer who led the HIPAA enforcement for the Office for Civil Rights, had this to say:
“Generally, HIPAA-covered entities and business associates should not be sharing identifiable information with social media companies unless they have HIPAA authorization [from the individual] and consent under state law.”
Nonetheless, this isn’t the first time Facebook was caught collecting medical data from hospital websites. On these grounds, several class-action lawsuits were filed against Facebook from 2016 to 2019 with limited success. In 2019, a group of plaintiffs won an $18.4 million settlement against Partners Healthcare System, now Mass General Brigham. The hospital paid the settlement but refused to admit breaching patients’ private data.
Data collection reaches new heights every year, and governments always seem to react too slowly to protect your personal information. Fortunately, you can take the matter into your hands and stop the likes of Facebook from exploiting you.
Protect Your Digital Identity
Start using a VPN to hide your IP address. Trackers like Meta Pixel use your IP to link data to you and learn about you and your household. Get CyberGhost VPN to connect to one of 8000+ servers worldwide and replace your IP with one of ours from any location you want.
CyberGhost VPN also encrypts your data with military-grade encryption that will prevent anyone without authorization from accessing your traffic. Become a digital ghost and reroute your data through a protected tunnel to prevent Facebook from using your private information.