Top Hospitals Breaching HIPAA By Sending PHI Via Facebook

According to a recent analysis of hospital websites, a third of the top 100 hospitals in the US are sharing patient information with Facebook through a tracker called Meta Pixel, allegedly without the patients' knowledge or consent. Meta Pixel is a piece of code that website owners use to monitor user behavior on a website and determine how effective their advertising is. It can be used to ensure ads are displayed to the correct people, to increase sales, and to measure the outcomes of the ads placed on the website. The tracker collects various forms of information, including details relating to medical conditions, clinical visits, and prescriptions.

The report was issued by The Markup in collaboration with STAT. The researchers found that the Meta Pixel tracker was present on the appointment scheduling pages of 33 of the hospitals. The Meta Pixel collects data whenever an individual clicks a button to schedule a doctor's appointment. That information is then connected with an IP address, which in effect sends Facebook a private receipt of the appointment request.

On the websites of 7 of the hospital systems examined, Meta Pixel had access to password-protected patient portals. The analysis discovered that five of the hospital systems were transmitting information to Facebook on patients who participated in the Pixel Hunt Project. By agreeing to have their information shared with The Markup, participants revealed that Facebook was receiving information regarding patients' medications, descriptions of their allergic reactions, and information about their upcoming appointments with physicians. No business associate agreements were found between the hospitals and Facebook's parent company, Meta, which would legally enable the transfer of data.

In the report, The Markup claimed that Meta Pixel had access to approximately 26 million patient admissions and outpatient visits in 2020. However, the study was limited to the top 100 hospitals within the US. The researchers believe that a multitude of other hospitals are allowing Facebook to utilize Meta Pixel. Although this could not be confirmed, it is believed that Meta targets adverts at patients based on the information it receives.