Meta Pixel may appear to be a useful analytic tool. It’s a piece of code that people put on their websites to track how visitors interact with their advertisements. Not really. Patients’ records, who participated in the Pixel Hunt Project voluntarily, were sent to the third party, Facebook.
Each data packet that Facebook received was labeled with an IP address to identify the patient’s mailing address. Furthermore, the IP address could be used in conjunction with other data to identify the person. Such information includes the name of a patient, doctor, and provider and the appointment.
According to examiners of the case, the hospitals may violate the Health Insurance Portability and Accountability Act (HIPAA). The hospitals did not respond to the questions, nor did they explain why Meta Pixel was installed.They just removed the code while others did not. Those who responded argued that Facebook’s business tool terms of service and the data that Facebook shared were not protected health information.
I disagree. Patients may not be too happy to share any information in their medical records with others. They want to prevent others from hacking into their information and misusing it. Identity theft is the main concern. It is hard to know what could happen if any of their health information is exposed in public, such as in the case of Rita Aid. The company disposed of pill bottles that still contained customer medical information as well as the doctor’s name. It violated the Act, and as a result, the company ended up paying fines and revising its policies to better protect customers’ health information.
In addition, I also disagree with the spokespeople defending the third party. Meta has a hard time protecting privacy issues, which opens the door for hackers and other cybercriminals. The company was unable to control users’ data and operate its filtering system, which was launched in 2020. It did not block the patients’ medical appointments or other information. The firm was still able to use the data after the Meta Pixel hashed the personal information of the users. The leaked document from last year about the company’s global privacy was in question. Not to mention that it did not comply with the GDPR. The regulation states that the data that is collected should be used for a specific purpose that is stated only. The company’s personnel did not have enough control over users’ data or the ability to change the policy; nor did the company have technical control over every piece of data because its system was built on an open border. Meanwhile, Meta planned to invest in tools rather than humans to better protect users’ data.
That said, the issue of giving consent is another concern. According to the Markup, there was no proof that the hospitals or the firm received explicit patient permission. However, the hospitals seem to proceed with the tryout without the patients’ knowing it. This makes it unclear what the motive for their activity is, or if a consent form exists to clarify the method of participation. It takes away their right to privacy and causes them to lose customer trust and loyalty. This goes the same as with Meta.
Taking this into account, Meta and the hospitals did not abide by the regulations. Meta’s product did not block personal health information. Receiving patient consent was not confirmed, and patients’ records are not protected. Even though some dispute the assertion or choose not to answer Markup’s inquiries, it disregards rights to privacy and trustworthy computing.
Sources:
Facebook Is Receiving Sensitive Medical Information from Hospital Websites
General Data Protection Regulation (GDPR): What you need to know to stay compliant
