Meta faces growing questions from Congress about health data privacy

Meta faces growing questions from Congress about health data privacy

Meta is facing increasing questions about its access to sensitive medical data after a coding investigation that found the company’s pixel tracking tool collects details about doctor’s appointments, prescriptions and health conditions on hospital websites.

During the Senate Homeland Security and Governmental Affairs Committee meeting Listening on September 14Senator John Osoff (D-Ga.) has asked Meta — the parent company of Facebook and Instagram — to provide a “comprehensive and accurate” account of the medical information it maintains on users.

“There have been significant public reports, controversy, and concern about the Meta Pixel product and the possibility that its publication on various hospital systems websites, for example, enabled Meta to collect private healthcare data,” Ussoff said.


“We need to understand, as in the US Congress, whether Meta collects, collects, has access to, or stores medical or health data for American people,” he added.

In response to Ossoff’s question about whether Meta has medical or healthcare data about its users, Chris Cox, chief product officer of Meta, replied, “Not to my knowledge.” Cox also promised to follow up with a written response to the committee.


In June, The Markup reported that Meta Pixels on the websites of 33 of Newsweek’s 100 best hospitals in America relayed details of doctors’ appointments for patients to Meta when patients booked on the sites. We also found Meta Pixels within password-protected patient portals for seven health systems that collect data on patients’ prescriptions, sexual orientation, and health conditions.

Previous regulators told The Markup that hospitals’ use of pixels may have violated the Health Information Transfer and Accountability Act (HIPAA), which prohibits sharing of protected health information.

“Advertisers should not submit sensitive information about people through our business tools,” Meta spokesperson Dale Hogan wrote to The Markup in an emailed statement. “Doing so is against our policies and we teach advertisers how to properly set up business tools to prevent this from happening. Our system is designed to filter out potentially sensitive data that it can detect.”

Since the Markup investigation:

  • As of September 15, 28 of the 33 hospitals have removed the Meta Pixel from their doctor’s booking pages or banned them from sending patient information to Facebook. At least six of the seven health systems have also removed pixels from their patient portals. Markup reached out to organizations that removed pixels from their websites after our investigation was published in June. As of press time, three institutions – Sanford Health, El Camino Health and Henry Ford Health – have responded. Read their statements over here.
  • One health system, North Carolina-based Novant Health, mailed data breach notices to 3 million customers After the Markup report. In the breach notice, Novant Health stated that the pixel was added as part of a promotion to encourage use of Novant’s MyChart patient portal, but that “the pixel was incorrectly configured and may have allowed certain private information to be transmitted to the Meta.” On September 16, Novant modified its data breach notification message to say that Meta had told the provider that it “generally” filters sensitive medical information for patients and that it “has no information to return or destroy.”
  • North Carolina Attorney General’s Office She stated that she was “actively checking” Hospital data shared after calls from state lawmakers for an investigation.
  • At least five class-action lawsuits have been filed against Meta claiming that pixel data collection on hospital websites violated various state and federal laws. One, filed against the company On behalf of a MedStar Health System patient in Baltimore, he claims that Meta Pixels collected patient information from at least 664 different hospital websites. Other lawsuits have been filed on behalf of patients Novant Health and hospitals in San FranciscoAnd the Los AngelesAnd the Chicago.

Meanwhile, developments in another legal case indicate that Meta may struggle to provide a Senate committee with a full account of the sensitive health data it holds about users.

In March, two Meta employees testified in a case related to the Cambridge Analytica scandal for the US District Court for the Northern District of California that it would be very difficult for the company to track all the data associated with a single user account.

One Facebook engineer said, according to a copy the same as orgenalwhich was first reported by Intercept. “I would be surprised if there was one person who could answer this narrow question definitively.”

The engineers’ comments reflect the same concerns expressed in the 2021 Privacy Notice written by Facebook engineers Leaked to the deputy.

“We do not have a sufficient level of control and explanation over how our systems use data, and therefore cannot confidently make policy changes or external commitments such as ‘We will not use X data for purpose Y,’” the authors wrote.

This article was Published jointly with The Markupa nonprofit newsroom investigating how powerful organizations are using technology to transform our society. Subscribe to their newsletter here.

#Meta #faces #growing #questions #Congress #health #data #privacy

Leave a Comment

Your email address will not be published.