It’s free, every week, in your inbox.
The Markup tested the websites ofNewsweekstop 100 hospitals in America.
The Markup also found the Meta Pixel installed inside the password-protected patient portals of seven health systems.
I cannot say [sharing this data] is for certain a HIPAA violation.
It is quite likely a HIPAA violation.
I think this is creepy, problematic, and potentially illegal from the hospitals point of view.
Facebooks parent company, Meta, did not respond to questions.
Instead, spokesperson Dale Hogan sent a brief email paraphrasing the companyssensitive health data policy.
Internally, Facebook employees have been blunt about how wellor not so wellthe company generally protects sensitive data.
Facebook engineers on the ad and business product team wrote in a 2021 privacy overview that wasleaked to Vice.
The Meta Pixel hashed those personal detailsobscuring them through a form of cryptographybefore sending them to Facebook.
But that hashing doesnt prevent Facebook from using the data.
In fact, Metaexplicitly usesthe hashed information to link pixel data to Facebook profiles.
On other hospitals websites, we documented the Meta Pixel collecting similarly intimate information about real patients.
The pixel also told Facebook which button we clicked in response to a question about sexual orientation.
Mass General did not respond to The Markups request for comment.
But some did defend their use of the tracker.
King did not respond to follow-up questions about the vetting process.
Houston Methodist Hospital, in Texas, was the only institution to provide detailed responses to The Markups questions.
The click doesnt mean they scheduled, she wrote.
Its also worth noting that people often are exploring for a spouse, friend, elderly parent.
And as recently as February of last year, the department reported that the systems accuracy was poor.
