“This is an extreme example of exactly how far the tentacles of Big Tech reach into what we think of as a protected data space,” said Nicholson Price, a University of Michigan law professor who studies big data and health care. Our investigation was limited to just over 100 hospitals the data sharing likely affects many more patients and institutions than we identified.įacebook itself is not subject to HIPAA, but the experts interviewed for this story expressed concerns about how the advertising giant might use the personal health data it’s collecting for its own profit. The 33 hospitals The Markup found sending patient appointment details to Facebook collectively reported more than 26 million patient admissions and outpatient visits in 2020, according to the most recent data available from the American Hospital Association. University Hospitals Cleveland Medical Center spokesperson George Stamatis did not respond to The Markup’s questions but said in a brief statement that the hospital “comport with all applicable federal and state laws and regulatory requirements.”Īfter reviewing The Markup’s findings, Froedtert Hospital removed the Meta Pixel from its website “out of an abundance of caution,” Steve Schooff, a spokesperson for the hospital, wrote in a statement.Īs of June 15, six other hospitals had also removed pixels from their appointment booking pages and at least five of the seven health systems that had Meta Pixels installed in their patient portals had removed those pixels. “I cannot say is for certain a HIPAA violation. Department of Health and Human Services’ Office for Civil Rights, which enforces HIPAA. “I am deeply troubled by what are doing with the capture of their data and the sharing of it,” said David Holtzman, a health privacy consultant who previously served as a senior privacy adviser in the U.S. Neither the hospitals nor Meta said they had such contracts in place, and The Markup found no evidence that the hospitals or Meta were otherwise obtaining patients’ express consent. The law prohibits covered entities like hospitals from sharing personally identifiable health information with third parties like Facebook, except when an individual has expressly consented in advance or under certain contracts. Advertisementįormer regulators, health data security experts, and privacy advocates who reviewed The Markup’s findings said the hospitals in question may have violated the federal Health Insurance Portability and Accountability Act (HIPAA). The data sent to hospitals included the names of patients’ medications, descriptions of their allergic reactions, and details about their upcoming doctor’s appointments.
Ublock origin firefox install#
The project is a crowd-sourced undertaking in which anyone can install Mozilla’s Rally browser add-on in order to send The Markup data on the Meta Pixel as it appears on sites that they visit. On five of those systems’ pages, we documented the pixel sending Facebook data about real patients who volunteered to participate in the Pixel Hunt project, a collaboration between The Markup and Mozilla Rally. The Markup also found the Meta Pixel installed inside the password-protected patient portals of seven health systems. The MarkupOn the website of University Hospitals Cleveland Medical Center, for example, clicking the “Schedule Online” button on a doctor’s page prompted the Meta Pixel to send Facebook the text of the button, the doctor’s name, and the search term we used to find her: “pregnancy termination.”Ĭlicking the “Schedule Online Now” button for a doctor on the website of Froedtert Hospital, in Wisconsin, prompted the Meta Pixel to send Facebook the text of the button, the doctor’s name, and the condition we selected from a dropdown menu: “Alzheimer’s.”
0 kommentar(er)
