Governance & Risk Management , Healthcare , HIPAA/HITECH
Pressure on Meta Mounts Over Pixel Collecting Health Data
Sen. Mark Warner Demands Answers From Meta on its Pixel PracticesA Virginia Democratic senator is adding to the pressure on Meta following revelations that its online Pixel tracking tool captures sensitive health information.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
Sen. Mark Warner wrote to Meta CEO Mark Zuckerberg last Thursday expressing concern over the company's ability to obtain data including medial conditions, appointment dates and treating physician names.
Controversy has steadily mounted this summer and fall over revelations that hospitals and other healthcare providers have incorporated into patient portals web tracking technology offered by Meta and Google.
A recent study by data privacy firm Lokker found that more than 2,500 U.S. hospitals and healthcare provider websites and patient portals use tracking tools.
"It is critical that technology companies like Meta take seriously their role in protecting user health data. Without meaningful action, I fear that these continuing privacy violations and harmful uses of health data could become the new status quo in healthcare and public health," Warner said in his letter to Zuckerberg.
A Meta spokesman responded to Information Security Media Group's request for comment on the letter by stating, "Advertisers should not send sensitive information about people through our business tools as doing so is against our policies. We educate advertisers on properly setting up business tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect."
Advocate Aurora Health, a large healthcare provider in the Midwest, earlier this month reported to federal regulators its use of web tracking technology in its web portal and scheduling apps as a data breach (see: Health Entity Says Tracking Code Breach Affects 3 Million).
Sensitive Data
A Supreme Court decision in June ending the nationwide right to abortion "shined a spotlight on the sensitivity of health information," says attorney Maneesha Mithal, a partner at law firm Wilson Sonsini Goodrich & Rosati and a former Federal Trade Commission official.
Nonprofit investigative reporting organizations The Markup and Reveal reported in June that Meta collects abortion-related information about users (see: Lawsuit: Facebook Collecting Patient Data of 'Millions').
Where sensitive health data can be sold, or subpoenaed, it provides "a hyper-efficient, low or no-cost investigatory engine for law enforcement," says technology attorney Steven Teppler of law firm Sterlington.
Meta faces at least four proposed class action lawsuits about to be consolidated in the Northern District of California related to its use of Pixel and the privacy of health data.
Meta is not the only tech giant facing scrutiny over its data collection practices. But some tech vendors are beginning to respond to the concerns.
In July, Google announced it would soon begin deleting location history pertaining to individuals' visits to facilities offering sensitive healthcare services in the wake of the Supreme Court overturning Roe v. Wade and as some states begin to ban and criminalize abortion (see: Taking Action to Enhance Sensitive Health Data Privacy).