Four of the state’s largest health care systems sent sensitive patient information to Facebook, according to a report published Thursday by The Markup and STAT.
The story implicated Atrium Health Carolinas Medical Center, Duke University Hospital, Novant Health and WakeMed.
The MarkUp tested the websites of Newsweek’s top 100 hospitals in America. The publication found 33 of them used a tracker called the Meta Pixel, which sends Facebook a packet of data whenever a person clicked or tapped a button to schedule a doctor’s appointment.
Potential information Facebook could have received includes patients’ health conditions, allergies and sexual orientations.
The Meta Pixel sends information to Facebook via scripts running in a person’s internet browser, so while individuals are not identified by name or home address, the data packet passes along an IP address that can be used in combination with other data to identify an individual or household.
Atrium Health Carolinas Medical Center, Duke University Hospital, Novant Health and WakeMed each issued written statements on Thursday to WRAL News.
Atrium Health statement
Atrium Health issued a written statement to WRAL News.
“Because privacy is critically important to us, we have stringent, effective safeguards in place in our digital environment,” Atrium wrote. “We will continue to monitor and validate the tools we use to best serve our communities.”
Duke Health statement
A Duke Health spokesperson said it has removed the Meta Pixel from its website.
“Duke Health is committed to protecting the privacy of our patient’s health information,” Duke Health wrote in a statement. “Upon investigating the issue raised in the report that appeared this morning, we have removed Meta Pixel from our website.”
Novant Health statement
A Novant Health spokesperson said it has removed the Meta Pixel from its website. Novant Health also issued a written statement.
“We take privacy and the care of patient information very seriously at Novant Health and we value the trust our patients place in us to keep their medical information private,” Novant Health wrote. “Approximately two years ago, we engaged a third-party vendor to help us develop and implement a campaign designed to encourage individuals to sign up for MyChart.
“The goal of this endeavor was to get more people to take advantage of virtual care opportunities, especially since COVID was having a significant impact on how people preferred to receive care, as well as on our resources to provide in-person care. We used tracking pixels to determine how many people signed up for MyChart, not what they did after they signed in.”
On Thursday, WakeMed emailed a written statement to WRAL News.
“WakeMed takes the privacy and security of our patients’ information very seriously,” WakeMed wrote. “WakeMed removed the Meta Pixel, and we continue to evaluate the matter.”
On Thursday, Meta also released a statement.
“Advertisers should not send sensitive information about people through our Business Tools,” a Meta spokesperson wrote. “Doing so is against our policies and we educate advertisers on properly setting up Business tools to prevent this from occurring.
“Our system is designed to filter out potentially sensitive data it is able to detect.”
In June 2021, WRAL News reported about how health apps are not always covered by the same medical privacy laws such as HIPAA, that protect information patients share with a doctor in person. Even when HIPAA rules do apply, they may not cover all the data an app collects.
Facebook makes money through advertising, profiling users based on what they click on, friends and what websites users check out. It’s how advertisers target users with relevant content.
In 2020, Facebook introduced ‘Off-Facebook Activity’ settings. While there’s no way to stop the social media company from collecting ‘Off-Facebook’ data, users can limit what Facebook does with any new data going forward.
Just know turning off the setting will disable the Facebook Login tool, which lets you sign in to other apps and websites using your Facebook credentials.
Another way people can help protect their identity online is by using a fake email service, which is an easy and effective way to minimize tracking.