Angry, betrayed, devastated! Were Her Confidential Medical Records Exposed On Facebook By Hospital?
She didn’t know that when she made the appointment, the clinic was using the Meta Pixel on its website, which violated HIPAA privacy rules and transmitted all of her most intimate medical information to Facebook.
When she woke up this morning she had no way of knowing her life had now just taken a turn for the worse.
She turned her laptop on and gasped!
To her shock and horror, her most private medical details blanketed social media for all to see. STD tests, drug tests, cancer diagnosis, physical condition, heart problems … you name it. Her most intimate medical details were there for anyone and everyone to see. Marketers, advertisers, friends, family, strangers, and even her employer.
How did it get there?
Her hospital and doctor’s office gave it to Facebook. Without her permission, and without her knowledge.
She was angry, felt betrayed, and duped. And like tens of thousands of other Americans, her life was instantly ruined.
How would you feel waking up tomorrow morning to find this has just happened to you too?
Meta Pixel: A Blatant And Careless Violation Of Patient Privacy
The story above is an invention for color and storytelling. But for tens of thousands of hospital patients across America the story is far too real. These Americans are angry and rightfully enraged!
The people they trusted the most, hospitals and doctors’ offices, have betrayed them. Hospitals have leaked their medical information without their consent to Meta’s Facebook. This is a blatant and careless violation of privacy. As a result, Facebook now faces class action lawsuits.
But how did this happen?
To explain this, we first need to understand the actors in this medical privacy scandal.
Meta, formerly known as Facebook, is a company that owns major social media platforms. These include Instagram, WhatsApp, and of course Facebook itself. Most people know these platforms as enjoyable social hubs. But the reality is that information gathering and marketing are Meta’s primary business. Their online toolbox includes hidden software designed to collect massive amounts of visitor data. These snippets of code, called tracking pixels, are at the forefront of this shocking privacy scandal.
Hundreds of major hospitals in the US have been using tracking pixels on their websites, including in private areas requiring user logins. The tracking pixels funnel private medical data back to Meta. And this is a major violation of HIPAA rules. The Health Insurance Portability and Accountability Act (HIPAA) governs medical privacy in America. Doctors cannot share private medical information without proper patient authorization and knowledge.
Facebook Meta Pixel Exposing A Shocking Medical Privacy Violation
The story began making the rounds after “The Markup” published an article about medical privacy violations. The Markup is a non-profit organization. It conducts data investigations into the impact on consumers. The Markup’s article exposed that Facebook was receiving sensitive information from multiple hospital websites.
After testing the top 100 hospitals in America, they found that 33 used the Meta Pixel tracker. And the tracker was actively sending data back to Facebook.
Many of the hospitals, once made aware, expressed great concern. They announced to the public that they would remove the Meta Pixel from their web sites. Unfortunately, the vast majority refused to comment in any manner.
In short, these hospitals had a tracking pixel running in the background of their website. To be fair, some hospitals use third party developers to manage their sites. But this is no excuse and does not forgive the massive violation.
It’s a simple mistake that any webmaster can make. Install tracking pixels and receive valuable analytical data about site traffic. Most websites do it as a standard practice. But hospitals and medical clinics are a different matter.
The intentional design of a tracking pixel is to collect as much visitor data as possible. This includes behaviors, clicks, content viewed, visitor inputs, forms, and a lot more. However, the hospital trackers also captured the confidential information the patients filled in. The Markup found tracking pixels on appointment scheduling pages and password-protected patient portals. This gave Facebook access to a wide variety of highly sensitive information. Information like a patient’s medical condition or their prescribed medications.
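A site owner can audit for this. The sketch below is an added example, not code from this article or from The Markup: it scans page HTML for the markers of Meta's published pixel snippet and rates pages whose path looks patient-facing. The hospital.example URLs, the pixel ID and the path keywords are constructed assumptions.

```javascript
// Markers of the Meta Pixel base snippet: loader script, init call, noscript beacon.
const PIXEL_MARKERS = [
  { name: "loader script", re: /connect\.facebook\.net\/[^"'\s]*\/fbevents\.js/i },
  { name: "fbq init call", re: /fbq\(\s*['"]init['"]\s*,\s*['"](\d+)['"]/i },
  { name: "noscript image beacon", re: /facebook\.com\/tr\?[^"'\s>]*\bid=(\d+)/i },
];

// Assumed keywords for pages that handle patient data; adjust per site.
const SENSITIVE_PATH = /(appointment|schedul|portal|login|patient)/i;

function auditPage(url, html) {
  const findings = [];
  for (const { name, re } of PIXEL_MARKERS) {
    const m = html.match(re);
    if (m) findings.push({ marker: name, pixelId: m[1] || null });
  }
  const sensitive = SENSITIVE_PATH.test(new URL(url).pathname);
  const pixelPresent = findings.length > 0;
  // A pixel on a patient-facing page is the case the article describes.
  const severity = !pixelPresent ? "none" : sensitive ? "high" : "review";
  return { url, pixelPresent, sensitive, severity, findings };
}

// Constructed sample pages (not captured from any real site).
const SAMPLE_PAGES = [
  {
    url: "https://hospital.example/schedule-appointment",
    html: `<script>(function(w,d,s,u){/* loader stub */})(window,document,'script',
      'https://connect.facebook.net/en_US/fbevents.js');
      fbq('init', '1234567890'); fbq('track', 'PageView');</script>
      <noscript><img height="1" width="1"
      src="https://www.facebook.com/tr?id=1234567890&ev=PageView&noscript=1"/></noscript>`,
  },
  { url: "https://hospital.example/about", html: "<html><body><h1>About</h1></body></html>" },
];

function auditSite(pages) {
  return pages.map((p) => auditPage(p.url, p.html));
}

for (const r of auditSite(SAMPLE_PAGES)) {
  console.log(r.severity.padEnd(6), r.url, r.findings.map((f) => f.marker).join(", "));
}
```

A static HTML scan misses pixels injected at runtime by a tag manager, so pair it with a check of the browser's outgoing network requests on the same pages.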
What Medical Information Could The Meta Tracking Pixel Share?
The pixel was able to send a patient’s condition, name, and even the doctor the appointment was with. It’s creepy to think of how this information was later put to use. Facebook algorithms compare the user data of hundreds of millions of accounts. Individualized profiles include patients, family, friends, employers, colleagues, behaviors, interests, and much more. This allows targeting patients for pharmaceutical products or medical treatments. Insurers can use this information to deny coverage or justify higher premiums. Employers can fire employees for medical reasons, or refuse interviews to new candidates.
Simply requesting an appointment is enough to leak and link confidential data to a specific person.
The size and scope of the leak is most alarming. Discovered in early June of 2022, it’s unknown for how long trackers were being used by hospitals. Let alone how many hospitals, doctors’ offices, or clinics are involved.
One of the lawsuits claims that at least 664 healthcare providers used tracking pixels. This means the number of affected people could well be into the tens of thousands.
This is yet another controversy in a long list of Facebook violations. The impact has been a negative perception of Facebook and its policies at large. At this writing, two lawsuits are waiting on judicial certification. Settlements with affected patients could bring considerable damage to Meta’s bottom line.
Understanding HIPAA Policies And Rules – Why It’s Important To Patient Privacy
HIPAA is an acronym for the Health Insurance Portability and Accountability Act. It is US legislation providing data privacy for medical information. HIPAA came into effect in 1996. It overrides state laws on medical privacy unless state law is more strict than HIPAA itself.
HIPAA requires medical practitioners to inform patients and receive their consent before sharing. Medical information can only be shared with those who absolutely need it. Doctors must provide a list of anyone who will receive a patient’s protected health information.
Submitting data through a hospital’s website is not a violation of privacy in and of itself. The patient is after all agreeing to send the information to the medical provider. In this case however, patients had no way of knowing their information was being shared. Nor were they able to consent or choose an alternative. This is where the HIPAA breach happened.
HIPAA penalties vary based on the nature of the violation. Willful neglect of HIPAA policies can result in fines up to $50,000 per violation. This showcases the severity of the penalty and how serious medical privacy is. It demonstrates the importance for institutions to properly protect online privacy.
What Has Been The Impact Of Exposing Patient Medical Records?
The most immediate consequence has been the exposure of modern marketing practices.
Tracking pixels like Meta Pixel are marketing tools. They allow Facebook to target ads and products to the people most likely to respond or react. They give advertisers more bang for the buck. A higher return on their advertising investment. It doesn’t matter if you want the ad or not, Facebook makes the decision for you.
Patients saw their private medical information leaked to improve an advertiser’s investment. The leaked information made advertising efficient and cost effective.
But wait! That’s not all you get! Facebook also sells access to consumer data to third parties. These parties can include more advertisers, law enforcement, governments, foreign companies and more. It’s an all too common data selling and trading practice.
The practices also shed light on the value Facebook places on your online privacy.
Meta, Facebook, and hospitals violated the trust of patient confidentiality. This is undeniable. The impact on their public image could be considerable and is yet to be seen. Previous scandals have caused stock price drops and government backlash. The same is likely to happen here. Only this time, Facebook is not alone. The reputation of the medical community is also at stake.
Your Facebook Meta Pixel Tracking Privacy In Summary
In June 2022, hospitals were caught leaking confidential patient data to Facebook. The culprit was a tracking tool known as the Meta Pixel. The pixel tracker collected private information entered on websites by patients. The tracker sent the data to Meta in a flagrant and shocking violation of HIPAA rules.
Medical practitioners must inform and receive explicit consent from patients before sharing data. They must explain who will receive the data and what the management practices are. Patients were not informed and were unable to provide consent. This is a clear-cut violation of HIPAA rules.
The resulting scandal has led to two separate class action lawsuits awaiting certification. Regardless of the lawsuits, the lesson is that we must be vigilant in the fight to protect online privacy. We are vulnerable in many ways, especially those we are unaware of.
Protecting online privacy is more important now than ever before. Situations like this show that companies do break laws, intentional or not. Some are willing to push the boundaries to leap ahead of competition. They do it at the price of your privacy.
How many other sites are using tracking pixels? According to https://w3techs.com/technologies/details/ta-facebookpixel, 16.9% of websites use the Meta Tracker. That’s 197,665,980 websites (https://siteefy.com/how-many-websites-are-there/).
Privacy is a basic, fundamental human right. You need to fight for it if you want to keep it.