Hospital Websites Leak Sensitive Patient Information to Facebook
Patient privacy violations have been linked to information collected from hospital websites by Meta, the parent company of Facebook, via its Meta Pixel. The Meta Pixel is a piece of computer code that it used to track a visitor’s activity across the internet. Businesses, in this case, hospital systems, embed the Meta Pixel into their websites to gather data regarding visitor website activity and create targeted marketing campaigns via Facebook.
An investigation by journalists at The Markup found that roughly a third of the top 100 hospitals in America use the Meta Pixel to track patient website activity. Tests were conducted during the investigation to determine what information the Meta Pixel was sending to Facebook. It was discovered that the Meta Pixel gathered patient-protected health information (PHI) in addition to general user activity data. The list below is a compilation of identifiable and sensitive patient data collected across a sample of hospital websites that used the Meta Pixel.
- IP addresses
- Patient names
- Email addresses
- Medications
- Details about upcoming doctor visits
- COVID vaccine status
- Online appointment scheduling data including reason for visit
The pixel may have also transmitted patient information contained in portals like MyChart and scheduling pages to Facebook. Lawsuits have been filed against hospital systems for failing to protect patient data related to Meta Pixel tracking. Some hospitals and health systems have begun sending out notices to patients that have had their PHI transmitted to Facebook by the provider. If you or someone you know has received a notice like this from your hospital or healthcare provider, contact us. Our class action attorneys have experience litigating data breach claims on behalf of consumers against hospitals and healthcare insurers and can advise you of your legal rights and options.