August 4, 2022 – Facebook’s parent company Meta is being sued for allegedly collecting private medical information of millions of people from top US hospitals using the company’s data-tracking tool Meta Pixel.
According to the lawsuit, filed in the Northern District of California last week, a number of US hospitals used Pixel, a tool that accessed patients’ sensitive health data on their password-protected online portals. Meta then sold this data to advertisers, who used it for targeted treatment and medicine ads on the company’s biggest social media platform, Facebook.
This is the second recent lawsuit accusing US hospitals and Meta of compromising people’s private medical profiles, violating the Health Insurance Portability and Accountability Act (HIPAA). The act bars health organisations from sharing personally identifiable health information with external entities without the patients’ consent.
In June, an investigation by The Markup revealed that 33 of the 100 hospitals in the US use Pixel on their websites. The tracking tool was found installed on the password-protected portals of at least seven hospitals. Information related to health conditions, medical appointments, and medication of patients was being sent to Facebook through Pixel, the investigation found.
“Neither the hospitals nor Meta said they had such contracts in place, and The Markup found no evidence that the hospitals or Meta were otherwise obtaining patients’ express consent,” The Markup stated in its report. The nonprofit newsroom, however, added that it was unable to determine whether Facebook used the data to target advertisements, train its recommendation algorithms, or profit in other ways.
In one of the complaints, a Facebook user claims that she started receiving ads for medication related to her heart and knee conditions which she had entered in her portals on the websites of two hospitals (University of California, San Francisco Medical Centre and Health Dignity).
Meta’s policy states that the company’s “filtering mechanism is designed to prevent potentially sensitive health-related data from being ingested into its ads ranking and optimisation systems”. However, Meta has been called out repeatedly for violating its own policies with controversial data-sharing practices.
