Naomi Diaz 6/16/22

A tracking tool installed on some hospital websites has been gathering patients’ protected health information and sharing it with Facebook, The Markup reported June 16. 

A report analyzed 100 of the top hospital sites and found that 33 had installed a tracker called Meta Pixel, which sends Facebook patients’ data when people schedule appointments, which could include IP addresses, physicians’ names and search terms used to find the physician.  

The patient data is sent to Facebook in exchange for analytics about the ads that the health system places on Facebook and Instagram, according to the Markup report. 

The report also found that at seven hospitals the Meta Pixel tracker was installed inside password-protected patient portals. 

Former regulators, health data security experts and privacy advocates say that the hospitals and health systems that have installed this tracker may have violated HIPAA, which prohibits covered entities from sharing patient identifiable health information with third parties like Facebook, unless consent is given. 

The report did not find evidence that the health systems nor Facebook were obtaining patients’ consent.

The list of hospitals and health systems that have implemented this tracker can be found here.

LINK