[ad_1]
Meta is facing an increasing number of questions about access to sensitive medical information. Following the markup examination It found the company’s pixel tracking tool on hospital websites collecting details about patients’ doctor appointments, prescriptions and health conditions.
During the Senate Homeland Security and Governmental Affairs Committee Hearing on September 14Senator Jon Ossoff (D-Ga.) has called for Meta — the parent company of Facebook and Instagram — to provide a “comprehensive and accurate” account of the medical data it holds on users.
“There has been considerable public reporting, controversy and concern about the MetaPixel product and its deployment on various hospital system websites that allowed Meta to collect personal health care information,” Ossoff said.
advertisement
“We need to understand whether the US Congress is collecting, gathering, accessing or storing medical or health information about the American people,” he added.
Asked by Ossoff whether Meta would have medical or healthcare information about its users, Meta Chief Product Officer Chris Cox replied, “Not to my knowledge.” Cox also promised to respond in writing to the committee.
advertisement
In June, The Markup reported MetaPixels on 33 of Newsweek’s top 100 hospital websites were transferring patients’ doctor appointments to Meta when patients made reservations on the websites. We also found Meta Pixels, which collects data on patients’ prescriptions, sexuality and health status at seven password-protected health systems.
Former regulators told Markup that the hospitals’ use of Pixel may have violated the Health Information Portability and Accountability Act (HIPAA), which prohibits the sharing of protected health information.
“Advertisers should not send sensitive information about people through our commercial tools,” Meta spokesman Dale Hogan wrote in an emailed statement. “Doing so is against our policies and we advise advertisers to properly set up business tools to prevent this from happening. Our systems are designed to access sensitive information.”
From The Markup investigation:
- As of September 15, 28 of the 33 hospitals have either removed MetaPixel from their physician registration pages or blocked it from posting patient information to Facebook. At least six of the seven health systems have removed Pixels from their patient portals. We reached out to the institutions that removed the pixel from their websites after our research was published in June. As of press time, three facilities — Sanford Health, El Camino Health and Henry Ford Health — have responded. Read their descriptions over here.
- One health system, North Carolina-based Novant Health, has mailed data breach notifications. 3 million customers Following the Markup report. In the breach notification, Novant Health stated that the pixel was added as part of a promotional campaign to encourage use of the Novant MyChart patient portal, but that “the pixel was configured incorrectly and may have allowed certain personal information to be transmitted to Meta.” On Sept. 16, Novant updated its data breach notification post to inform the carrier that Meta scans patients’ sensitive medical information “generally” and “does not retrieve or destroy information.”
- North Carolina Attorney General’s Office He said he is “actively investigating”. The hospitals’ data sharing comes under scrutiny after state lawmakers call.
- At least five class-action lawsuits have been filed against Meta alleging that pixel data on hospital websites violates various state and federal laws. one, They filed a lawsuit against the company On behalf of Baltimore-based MedStar Health System Patient, MetaPixel collected patient data from no fewer than 664 different hospital websites. Other lawsuits have been filed on behalf of patients Novant Health And in hospitals San Francisco, AngelsAnd Chicago.
Meanwhile, changes in another legislative issue suggest that Meta may have trouble providing the Senate committee with complete information about sensitive health information on consumers.
In March, two Meta employees who testified about the Cambridge Analytica scandal told the U.S. District Court for the Northern District of California that it was too difficult for the company to track all the data associated with a single user account.
“It takes multiple teams on the ad side to track exactly where the data is flowing,” said one Facebook engineer. CopyOriginally reported by The intercept. I wonder if there is anyone who can definitively answer that narrow question.
The engineers’ comments echo similar concerns expressed in a 2021 privacy memo written by Facebook engineers. He went to the deputy.
“We don’t have an adequate level of control and clarity over how our systems use data, and so we can’t make bold controlled policy changes or external commitments such as ‘We will not use X data for Y purpose,'” the memo’s authors wrote.
This was an article. Published jointly with The Markupa nonprofit newsroom that examines how institutions are using powerful technology to change our society. Sign up for the newsletters here.
[ad_2]
Source link