Facebook has been getting the sensitive health information of millions of Americans through a tracker installed on as many as a third of U.S. hospital websites.
U.S. Sen. Mark Warner, D-VA, is pressing Mark Zuckerberg, the CEO of Meta, the parent company of Facebook, for answers as to what the company is doing with that information.
“As we increasingly move health care online, we must ensure there are strong safeguards in place surrounding the use of these technologies to protect sensitive health information,” Warner wrote in a letter to Zuckerberg on Thursday.
Warner, in the letter, called attention to Meta Pixel, a technology tool used by many companies for website optimization.
A pixel is a piece of software code that helps measure user activity online by serving cookies when a user visits a website, which allows certain activities on that website to be tracked and analyzed.
It is now known that the Meta Pixel sends Facebook a packet of data whenever a user clicks a button to schedule a doctor’s appointment – without the knowledge of the individual making the appointment.
“I am troubled by the recent revelation that the Meta Pixel was installed on a number of hospital websites – including password-protected patient portals – and sending sensitive health information to Meta when a patient scheduled an appointment online,” Warner wrote. “This data included highly personal health data, including patients’ medical conditions, appointment topics, physician names, email addresses, phone numbers, IP addresses, and other details about patients’ medical appointments.”
WakeMed, a healthcare system with hospitals throughout the Raleigh, N.C., area, sent out a notice to its patients this week to inform them that the Meta Pixel installed on its website and MyChart “may have also transmitted some of the information entered into the MyChart patient portal and appointment scheduling page back to Facebook.”
“WakeMed proactively disabled Facebook’s pixel in May 2022 and has no plans to use it in the future without confirmation that the pixel no longer has the capacity to transmit potentially sensitive or identifiable information,” the hospital system said in a news release on Monday.
Warner also noted in his letter allegations that this practice of data harvesting and collection has been used by Meta to target advertisements across their platforms.
“Meta’s own business guidelines state that the company ‘[doesn’t] want websites or apps sending [Meta] sensitive information about people,’ including sensitive health information, which Meta identifies as medical conditions, sexual and reproductive health, mental health, details regarding medical devices and trackers, treatments, test results, body specifications or cycles, locations of treatment, and other health-related data. Yet, in this most recent case and as we have seen previously, Meta is continuing to access this highly sensitive information,” Warner wrote.