Saturday, August 6, 2022

Meta uses private medical data for ads on Facebook, lawsuit alleges

- Advertisement -
- Advertisement -

Meta is being sued for collecting data from US hospitals without users’ knowledge, according to two new lawsuits.

The claims focus on the meta pixel that sends Facebook data when they click a button.

A recent report by The Markup found that 33 of the top 100 hospitals in America used the Pixel. The data sent to Facebook contains an IP address, through which the user or his household could be identified.

In seven of those 33 hospitals, the pixel was installed on password-protected patient portals – to share information, including the names of patients’ medications, descriptions of their allergic reactions and details of their upcoming doctor’s appointments. Some hospitals have removed the pixels, according to The Markup’s report.

One lawsuit alleges that patient portals University of California San Francisco and Dignity Health’s pixel sent medical information to Facebook, causing them to see ads for their heart and knee problems — some of which had no scientific backing.

United States medical privacy law states that healthcare organizations require patient consent to share identifiable information with outside groups, with the lawsuits alleging that Meta knowingly fails to enforce those guidelines.

Meta didn’t answer that of the independent Asked for comment before the time of publication and did not answer questions sent by The Markup.

Instead, a spokesperson paraphrased the company’s policy on sensitive health data: “When Meta’s signal filtering systems detect that a business is sending potentially sensitive health data from its app or website through the use of Meta Business Tools, which in some cases may erroneously mean that potentially sensitive data is removed before it can be stored in our ad systems.”

“I am deeply concerned about what [the hospitals] with the collection and sharing of their data,” said David Holtzman, a health privacy advisor who previously served as the senior privacy advisor at the US Department of Health and Human Services’ Office for Civil Rights, which enforces HIPAA, told The Markup.

“I can not say [sharing this data] is certainly a HIPAA violation. It is very likely a HIPAA violation.”

The lawsuits have not yet been certified as class actions, which a judge must do before they can develop, but if they do, they could bring damages on behalf of all users whose medical providers used the pixel.

- Advertisement -
Latest news
- Advertisement -
Related news
- Advertisement -


Please enter your comment!
Please enter your name here