Four health systems have disclosed that their hospitals may have leaked millions of patients' medical information to Meta, Facebook's parent company.
In July, a class action lawsuit was filed in the Northern District of California against Meta, the UCSF Medical Center and San Francisco-based Dignity Health, alleging that the organizations are unlawfully collecting sensitive healthcare data about patients for targeted advertising.
Similarly, Chicago-based Northwestern Memorial Hospital faced a similar lawsuit for allowing Facebook's tracking tool to collect private medical information from its hospital's patient portal to use for its own profit.
This tracking and data collection tool, dubbed Meta Pixel, allegedly has been installed in at least 33 top hospitals and seven health systems' websites and patient portals.
When patients enter highly sensitive information about themselves, their conditions, physicians, prescribed medication and more, the tool allegedly sends that information back to Meta.
Most recently, Advocate Aurora Health, dually headquartered in Downers Grove, Ill., and Milwaukee, said it implemented the Meta tracking tools to better understand patient behaviors but that the data of 3 million patients may have been sent to Google or Meta.
The hospital has since disbaled the "pixels" from its platforms and launched an internal investigation to better understand what patient information was transmitted to the vendors.
After the incident at Advocate, Sen. Mark Warner requested that Meta answer questions about its pixel tracking tool and the sensitive personal data it collects.
"I am troubled by the recent revelation that the Meta Pixel was installed on a number of hospital websites — including password-protected patient portals — and sending sensitive health information to Meta when a patient scheduled an appointment online," Mr. Warner wrote in a letter to CEO Mark Zuckerberg on Oct. 20.
The tool has raised concerns about HIPAA violations.
Under HIPAA, covered entities are prohibited from sharing identifiable patient health information with third parties like Facebook, unless consent is given.
The news site The Markup conducted an investigation into the tool and found that there was no evidence that the health systems nor Facebook were obtaining patients' consent.