Report Warns: Scheduling a Doctor Appointment Online May Put Your Medical Info at Risk
Let’s say you develop a wart on your hand. Curious about the origin of and possible treatment for warts, you surf the net. Next thing you know, you start getting online ads for wart removal medicine.
You’re miffed. You just wanted information, and now, someone someplace has used your inquiry to assume you have a medical condition that’s really none of their business. You feel your privacy has been violated.
Ah, but that’s so 2019.
Today, it’s worse than that. Much worse. Because Facebook is determining medical conditions and prescriptions by pulling data from online appointments patients make with doctors and hospitals.
All hail the wonderful world of medical data sharing. Big Brother has been rubbing his hands together for a long time over this.
An in-depth investigative report by The Markup showed many hospitals have tracking devices on their websites that forward patients’ medical data to Facebook.
The Markup checked the websites of 100 hospitals and found 33 of them with the tracking device called Meta Pixel.
Meta Pixel is a piece of code that tracks you across the web, seeing what you like, watching forms you fill out and providing targeting information and feedback to web advertisers.
But Meta Pixel on hospital portals?
Make an appointment through a website containing Meta Pixel, and Facebook gets your computer IP address, the name of your doctor and information The Markup was easily able to use to identify a condition, such as “pregnancy termination” or “Alzheimer’s.”
Social media platforms offered for free make their money off advertising, of course. So far, The Markup has been unable to determine if Facebook is using hospital Meta Pixel data for advertising or algorithm enhancement.
After all, when you’re like Facebook, busy influencing elections, attempting to shape social values and practicing censorship, there’s only so much you can do in a given day, right?
And Facebook always has the shield of plausible deniability, according to Alan Butler, executive director of the Electronic Privacy Information Center.
“The evil genius of Facebook’s system is they create this little piece of code that does the snooping for them, and then they just put it out into the universe, and Facebook can try to claim plausible deniability,” Butler said.
“The fact that this is out there in the wild on the websites of hospitals is evidence of how broken the rules are.”
Which raises the question — what are the rules?
The guiding light of medical privacy is supposed to be HIPAA — the federal Health Insurance Portability and Accountability Act. It’s so restrictive regarding patient privacy that nurses in a health care facility should not discuss patient conditions with one another except on a need-to-know basis.
I doubt nurses practiced that regarding COVID patients — as I know they didn’t in the days when there were concerns about the spreading of AIDS.
Nevertheless, HIPAA is considered to be a solemn obligation to protect health privacy and the doctor-patient relationship.
Experts who reviewed The Markup’s research on the Meta Pixel said hospitals using the tracker may have violated HIPAA, which states medical providers may not disclose your health conditions to third parties without your consent.
Privacy consultant David Holtzman, a former privacy advisor to the Office of Civil Rights of the U.S. Department of Health and Human Services, said he was “deeply troubled” by what hospitals were doing by capturing and sharing patient data.
Although he declined to express certainty regarding hospitals running afoul of HIPAA, Holtzman said the Meta Pixel sharing “is quite likely a HIPAA violation.”
Law professor Nicholson Price of the University of Michigan said, “This is an extreme example of exactly how far the tentacles of Big Tech reach into what we think of as protected data space.”
Price, whose research focuses on health care and big data, called the data sharing “creepy” and “problematic” and from the standpoint of the hospitals “potentially illegal.”
Besides hospitals, The Markup uncovered seven health systems with Meta Pixels embedded in portals where patients would sign in. Joining forces with Mozilla Rally, The Markup used crowd-sourcing software to intercept data of volunteer patients and were able to determine the patients’ identities, medications, allergic reactions and details about appointments with doctors.
Nowhere did The Markup find hospitals or Facebook parent Meta producing patient consent for the data sharing.
Following The Markup’s publication of its research, as of June 15 one hospital had removed Meta Pixels from their website and six others from their appointment booking portals. Five of the health systems also removed theirs.
Sadly, Facebook health snooping is nothing new. Four years ago, Tucker Carlson, in a series entitled “Tech Tyranny,” told of Facebook seeking patient records for “undetermined research purposes.”
Such research was to be anonymous, but Beverly Hallberg, a social media expert, told Tucker that Facebook could easily identify patients subjected to the research.
And it’s not just Facebook acting loose with HIPAA. Recent COVID vaccine mandates jettisoned major concepts of patient privacy.
Of course. Big Brother is loving this.
And it’s enough to make you sick.
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.