By Dave Muoio
June 21, 2022
Source: Fierce Health Care
Photo Source: Unsplash, D. Solomin
After an investigation found Facebook's discreet tracker active among 33 of the top 100 hospitals' online scheduling tools, an anonymous patient is seeking damages on behalf of "millions" of patients whose data was collected by "at least 664 hospital systems or medical provider web properties."
Facebook parent company Meta was hit with a class action lawsuit late last week alleging the tech company has been collecting sensitive patient-status data through hospital websites in violation of the Health Insurance Portability and Accountability Act (HIPAA).
The case was filed on Friday in the Northern District of California by an anonymous patient of Baltimore’s Medstar Health System on the behalf of “millions of other Americans whose medical privacy has been violated by Facebook’s Pixel tracking tool.” The filing came just days after the publication of an investigation by The Markup detailing how the tech company’s analytics tool was found on roughly a third of the country’s top hospitals’ websites.
Both the report and the lawsuit detailed the tracker’s collection of identifiable information such as IP addresses alongside other potentially sensitive information including doctor names and recent web activity related to their health conditions. The two documents also said that patients using provider websites with the tracker would not have consented to the collection of these data.
While The Markup and experts cited in its group characterized the practices as a likely HIPAA violation, the class action was more explicit in its claims. “Facebook is aware that it is receiving patient data from hundreds of different medical providers in the United States without patient knowledge, consent or valid HIPAA authorizations,” the plaintiff wrote in the lawsuit.
The plaintiff also said that they have identified “at least 664 hospital systems or medical provider web properties where Facebook has received patient data via the Facebook Pixel” as of the Friday filing.
The anonymous plaintiff asked the court to award compensatory and punitive damages related to an alleged breach of contract, constitutional invasion of privacy, violation of the Electronic Communications Privacy Act, violation of the California Invasion of Privacy Act and other allegations.
Fierce Healthcare has reached out to Meta for comment. Facebook has been collecting potentially sensitive health data through a tracker that, until recently, was included in the online scheduling tools of roughly a third of the country’s top hospitals, according to a new report from nonprofit investigative newsroom The Markup. Called the Meta Pixel, the tracker is an analytics tool Facebook’s parent company offers website owners. In exchange for social media advertising information, the tracker sends the tech company data on users’ IP addresses and webpage activity.
The Markup reviewed the appointment scheduling webpages of 100 leading hospitals and found the Meta Pixel on 33, according to the report. These hospitals collectively saw over 26 million patient admissions and outpatient visits in 2020, per American Hospital Association survey data cited by the publication.
The group also found the tracker within the password-protected patient portals of seven major health systems, five of which they were able to document sending the personal data of real volunteer patients.
IP addresses, doctor names, appointment times, medication information, search terms and connections to users’ Facebook accounts were all among the data being collected and sent to the tech company, according to the report, which was co-published with digital publication Stat. There were reportedly no specific contracts or other evidence that patients were providing consent to these data being collected. Health privacy consultants and advocates cited in the report said they were troubled by the data collection practices but stopped short of definitively declaring the tracker to be a HIPAA violation.
The organization reached out to the hospitals and health systems that had the Meta Pixel on their webpages. As of the time of the report’s publication, seven hospitals and five health systems had removed the Meta Pixel from their webpage after being contacted.
Some reportedly replied to inquiries by referencing safeguards installed by Facebook to filter out sensitive health data prior to transmission. Some of these organizations still removed the tracker from their webpages.
The Markup noted a February investigation from the New York Department of Financial Services reporting the poor accuracy of Facebook’s sensitive data filtering system.
Facebook parent company Meta did not respond to questions from The Markup regarding how the data were being used but referenced its policy to remove potentially sensitive health data via the filtering tool.
Facebook also acknowledges that the Meta Pixel and other tracking tools collect users’ personally identifiable information in its business tools terms of service.
How can such practices impact your health? How? Why?
If this article was helpful to you, donate to the Shidonna Raven Garden and Cook E-Magazine Today. Thank you in advance. Share the wealth of health by sharing this article with 3 of your family or friends today.