Senator asks Zuckerberg about Facebook’s collection of ‘sensitive health information’ – The Markup
Thursday, days after millions of patients across the country learned that their hospital may have leaked their medical information to Meta-Sen. Mark Warner (D-VA) asked the tech giant to answer questions about its pixel tracking tool and the sensitive personal data it collects.
“I am disturbed by the recent revelation that the Meta Pixel was installed on a number of hospital websites – including password-protected patient portals – and the sending of sensitive health information to Meta when a patient has made an appointment online,” Warner wrote in a letter to CEO Mark Zuckerberg, citing a Markup investigation that found at least 33 major hospitals and seven health systems shared information about patients. patients via Meta Pixels embedded in their websites. He also cited another Markup investigation that found the Meta Pixel was collecting sensitive data from forms on the federal student aid website.
In an email to The Markup, Warner said: “Meta’s collection of user data without their knowledge or consent is wrong and raises the question: what is Meta doing? [with] the information they collect? I ask Meta to provide information about their data collection practices, including what information the company has access to and how it is used. I’m particularly concerned that the Meta Pixel tracker has allowed the company to access sensitive health information. At a time when more and more healthcare is moving online, it is essential that we do all we can to protect patients who use eHealth to receive care.
In the letter to Meta, Warner asked the company what information it receives from its pixel, how it stores that data, and whether the information is used to target ads. The senator also asked how Meta protects “sensitive health information” and about a filtering system that was supposed to filter this data before it is stored, but which “did not yet work with complete accuracy”, according to a report. from the New York Times last year. York State Department of Financial Services.
Warner is the second senator in recent weeks to demand answers from Meta, the parent company of Facebook and Instagram, about its tracking tools and use of sensitive health information. In September, Sen. Jon Ossoff (D-GA) posed similar questions to Meta’s chief product officer, Chris Cox, during a live hearing. Cox promised to respond in writing.
“Advertisers should not submit sensitive information about individuals through our business tools, as it is against our policies,” Meta spokesperson Dale Hogan wrote in an email to The Markup. “We teach advertisers how to properly configure business tools to prevent this from happening. Our system is designed to filter potentially sensitive data that it is able to detect.
Since Ossoff’s questioning a month ago, two other health systems have sent data breach notifications to approximately 3.5 million patients, warning them that their health information may have been inappropriately disclosed to Meta.
Last week, attorney Aurora Health, based in Wisconsin and Illinois, advised the Department of Health and Human Services’ Office of Civil Rights that up to three million patients may have been affected by the breach. of data. In a notification posted on its website, the health system warned all patients who had made appointments through its site or used its MyChart portal that their sensitive data may have been shared not only with Facebook but also with Google.
On the same day, WakeMed, a North Carolina-based healthcare system, informed patients that their data may have been shared with Facebook. Nearly 500,000 patients have been notified, according to the Raleigh News & Observer. Another North Carolina health system, Novant Health, previously notified 1.3 million patients of its own breach.
Health systems said compromised information could include patient names, addresses, IP addresses, appointment details and, in some cases, information about allergies, vaccination status and communications with providers. .
As part of our investigation, The Markup used data submitted by real patients who participated in our Pixel Hunt project in conjunction with Mozilla Rally. Data from the project showed that Meta Pixels also collected details about patients’ medications and their responses to questions about sensitive topics such as sexuality.
As of October 20, at least 35 of the 40 hospitals and healthcare systems The Markup uncovered by sending patient data to Meta had removed or disabled Meta Pixels on their websites.
Meta also faces at least five class action lawsuits from patients alleging that its pixel data collection on hospital websites violates various state and federal laws.