Technology November 2022
It's All About the Ads
Are hospitals sending your info to Facebook?
Written by Celes Keene
A recent test conducted by independent journalism site The Markup discovered 33% of the hospitals rated to be the “Best in the United States” by Newsweek were found to be sending consumer’s private medical data to Facebook via Meta’s popular website tool, Meta Pixel.
The Use of Meta Pixel by Hospitals
Meta Pixel, previously known as Facebook Pixel up until about February 2022, is a popular website analytics tool. Website analytics tools are incredibly important to determine how to best drive traffic and capture audiences on the web. Meta Pixel is perhaps best known for its expertise in “remarketing.” Remarketing is the strategy that reminds shoppers if they have left items in their shopping carts.
The Markup was able to determine that, when patients scheduled appointments on hospital websites, Facebook was receiving that information. Via Meta Pixel, Facebook was able to receive the information because Meta Pixel was tracking the appointment scheduling. Many of the hospitals also had various other trackers on their websites. By reviewing the IP addresses sent to Facebook, The Markup was able to determine that hospitals were sending the information such as patient IP addresses, doctors visited, appointment information, and sometimes the first and last name of the patient.
With the patients sometimes being children, experts say that Meta could be in violation of the Health Insurance Portability and Accountability Act, or HIPAA, which is responsible for a majority of privacy protection in the health care industry.
The Markup noted that, when it reached out to certain hospitals, Meta Pixel remained on some hospital websites.
Meta Pixel and FAFSA Data
This is not the first time Meta Pixel has come under federal scrutiny. In 2018, Facebook responded to government inquiries regarding Meta Pixel, admitting that the tool was working on more than two million websites. The Markup similarly revealed that Meta Pixel was embedded in the Department of Education’s Free Application for Federal Student Aid, or FAFSA, application site, which meant that Meta was receiving personal information regarding FAFSA.
Meta has tried to deflect responsibility for the potential privacy breaches, preferring to shift the blame to the companies that embed Meta Pixel into their websites. Meta has stated that it is against company policy to receive such sensitive data and that its systems are designed to block and filter out sensitive information to avoid liability.
Reluctancy by Website Owners to Stop Use of Meta Pixel
Despite all of this, most advertisers are still reluctant to remove Meta Pixel from their websites due to the lucrative leads it provides. As targeted ads comprise the majority of revenue earned by websites, it makes sense that these websites, even hospitals, are reluctant to remove the web tool. While The Markup is doing admirable work in uncovering the data collection oversight, many privacy experts worry that, with this revelation, such sensitive data could now be vulnerable to attack by hackers. Moreover, experts note that child patients have no control over the dissemination of their personal information if a parent chooses to use the offending websites.
Key Takeaways on the Use of Meta Pixel on Consumer
Meta Pixel is a popular website analytics tool that has been revealed to be leaking private information and data. Consumers should be aware that:
Meta Pixel provides websites with targeted advertising leads and website owners are reluctant to stop using the tool;
Many companies, including hospitals, continue to use Meta Pixel even though it is possible HIPAA violations have occurred with such use; and
Meta Pixel defends itself by indicating it is against its policy to receive sensitive data and pushes blame to the users of the tool. TBJ
This article, which was originally published on Klemchuk’s Ideate Blog, has been edited and reprinted with permission.
CELES KEENE is of counsel to Klemchuk in Dallas. Her practice focuses on intellectual property and internet law, e-commerce, and data privacy. Keene has also served as in-house counsel in the telecommunications industry.