
posted by hubie on Wednesday August 03, @11:53PM
from the we-are-(again)-very-sorry-and-promise-to-do-better dept.

Facebook may have violated patient privacy laws:

Meta may have scooped up sensitive medical information without consent. The Verge reports that two proposed class-action lawsuits accuse the company and hospitals of violating HIPAA, the California Invasion of Privacy Act and other laws by collecting patient data without consent. Meta's Pixel analytic tracking tool allegedly sent health statuses, appointment details and other data to Facebook when it was present on patient portals.

In one lawsuit from last month, a patient said Pixel gathered data from the UC San Francisco and Dignity Health portals that was used to deliver ads related to heart and knee issues. The second lawsuit, from June, is broader and claims at least 664 providers shared medical info with Facebook through Pixel.

[...] They also follow a string of privacy-related US legal action against the social media giant. Meta is facing a DC Attorney General suit over Cambridge Analytica's collection of more than 70 million Americans' personal data. The company is also grappling with lawsuits over its deactivated facial recognition system, and only this year settled a 2012 class-action over the use of tracking cookies. These latest courtroom battles suggest that concerns about Meta's data gathering practices are far from over, even as the company makes its own efforts to crack down on misuse.

Previously: Facebook is Receiving Sensitive Medical Information From Hospital Websites – the Markup



Related Stories

Facebook is Receiving Sensitive Medical Information From Hospital Websites – the Markup

Experts say some hospitals' use of an ad tracking tool may violate a federal law protecting health information:

A tracking tool installed on many hospitals' websites has been collecting patients' sensitive health information—including details about their medical conditions, prescriptions, and doctor's appointments—and sending it to Facebook. The Markup tested the websites of Newsweek's top 100 hospitals in America. On 33 of them we found the tracker, called the Meta Pixel, sending Facebook a packet of data whenever a person clicked a button to schedule a doctor's appointment. The data is connected to an IP address—an identifier that's like a computer's mailing address and can generally be linked to a specific individual or household—creating an intimate receipt of the appointment request for Facebook.

[...] The Meta Pixel sends information to Facebook via scripts running in a person's internet browser, so each data packet comes labeled with an IP address that can be used in combination with other data to identify an individual or household.

HIPAA lists IP addresses as one of the 18 identifiers that, when linked to information about a person's health conditions, care, or payment, can qualify the data as protected health information. Unlike anonymized or aggregate health data, hospitals can't share protected health information with third parties except under the strict terms of business associate agreements that restrict how the data can be used.

In addition, if a patient is logged in to Facebook when they visit a hospital's website where a Meta Pixel is installed, some browsers will attach third-party cookies—another tracking mechanism—that allow Meta to link pixel data to specific Facebook accounts.
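The behaviour described above (a third-party script reporting an appointment click, with cookies attached) can be looked for in a capture of a portal session. This is an added example, not part of the article or of any vendor's code; the hosts, the entry format and the term list are constructed assumptions.

```javascript
// Added example: audit captured requests from a patient-portal session for
// third-party leakage. All hosts, entries and terms below are constructed.
const sampleEntries = [
  { pageUrl: "https://portal.hospital.example/schedule?doctor=cardiology",
    request: { url: "https://portal.hospital.example/static/app.js", cookies: [], postText: "" } },
  { pageUrl: "https://portal.hospital.example/schedule?doctor=cardiology",
    request: { url: "https://tracker.example/collect?ev=click" +
                    "&dl=https%3A%2F%2Fportal.hospital.example%2Fschedule%3Fdoctor%3Dcardiology" +
                    "&btn=Schedule%20appointment",
               cookies: [{ name: "uid", value: "constructed-id" }], postText: "" } },
  { pageUrl: "https://portal.hospital.example/schedule?doctor=cardiology",
    request: { url: "https://fonts.cdn.example/sans.woff2", cookies: [], postText: "" } },
];

// Naive "same site" test on the last two host labels (assumption: a real
// audit would use the Public Suffix List instead).
function siteOf(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// Percent-decode without throwing on malformed escapes.
function safeDecode(text) {
  try { return decodeURIComponent(text); } catch (_) { return text; }
}

// Returns one finding per third-party request whose query string or body
// carries the portal page's URL or any of the sensitive terms.
function auditEntries(entries, sensitiveTerms) {
  const findings = [];
  for (const entry of entries) {
    const page = new URL(entry.pageUrl);
    const req = new URL(entry.request.url);
    if (siteOf(req.hostname) === siteOf(page.hostname)) continue; // first party
    const payload = safeDecode(req.search + " " + (entry.request.postText || "")).toLowerCase();
    const leakedTerms = sensitiveTerms.filter((t) => payload.includes(t.toLowerCase()));
    const leaksPageUrl = payload.includes((page.hostname + page.pathname).toLowerCase());
    if (!leaksPageUrl && leakedTerms.length === 0) continue; // nothing sensitive seen
    findings.push({
      host: req.hostname,
      leaksPageUrl,
      leakedTerms,
      // Cookies sent to the third party let it tie the event to an account.
      sendsCookies: (entry.request.cookies || []).length > 0,
    });
  }
  return findings;
}

const report = auditEntries(sampleEntries, ["appointment", "cardiology", "prescription"]);
console.log(JSON.stringify(report, null, 2));
```

Only the constructed `tracker.example` request is reported: it carries the scheduling page's URL, two of the listed terms and a cookie, while the font request is third-party but carries nothing from the page.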

  • (Score: 5, Interesting) by Runaway1956 on Thursday August 04, @12:38AM (2 children)

    by Runaway1956 (2926) on Thursday August 04, @12:38AM (#1264863)

    Intentionally violating HIPAA regulations? This doesn't warrant a 5 million dollar fine. It doesn't warrant a 50 million dollar fine. Let's jump two more orders of magnitude, and start considerations at 5 billion dollars. I'll entertain the idea of bumping that up to 50 billion. Congress needs to get involved, hold another hearing or six, and get in on burning everyone, including Zuch, all executives who have ever touched the medical data collection, and the company. Name and shame everyone, and punish them like rented mules. Then pass laws that will make my 50 billion dollar fine suggestion above look like child's play.

    Just fucking BURN THEM!

    --
    There is a supply side shortage of pronouns. You will take whatever you are offered.
    • (Score: 4, Insightful) by Anonymous Coward on Thursday August 04, @05:22AM

      by Anonymous Coward on Thursday August 04, @05:22AM (#1264880)
      Nah, five million dollars is about right. Per count. At about a hundred million counts, that's $5 trillion. Facebook or Meta or whatever the hell they call themselves, and Zuck and his cronies should be thrown into the lake of fire where they belong. They are fucking Babylon the Great, and profit by trading people's souls.
    • (Score: 4, Funny) by Opportunist on Thursday August 04, @06:57AM

      by Opportunist (5545) on Thursday August 04, @06:57AM (#1264884)

      They could crucify Zuck and put it on Twitch to recover the cost.

      I'm fairly sure people would want to pay good money to see that.

  • (Score: 3, Insightful) by Barenflimski on Thursday August 04, @05:23AM (3 children)

    by Barenflimski (6836) on Thursday August 04, @05:23AM (#1264881)

    Fuck Meta.
    Fuck Zuck.

    The only thing any of these data brokers are good at, is screwing you.

    • (Score: 2) by NotSanguine on Thursday August 04, @08:16AM (1 child)

      The only thing any of these data brokers are good at, is screwing you.

      And it will be the best 16 seconds of your life -- every time.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
      • (Score: 2) by DannyB on Thursday August 04, @02:34PM

        by DannyB (5839) on Thursday August 04, @02:34PM (#1264918)

        As they strive for ever greater performance and efficiency, I'm confident they will improve upon their 16 second time.

        --
        Islamic Fatwas = BAD; MAGA Fatwas for FBI and Judges = GOOD ?
    • (Score: 2) by bmimatt on Thursday August 04, @09:22PM

      by bmimatt (5050) on Thursday August 04, @09:22PM (#1264979)

      I suppose it's safe to assume here, that the 'pixel' (javascript) is reading all form data and possibly other DOM elements. Could it just grab the whole DOM? Probably. Likely. Certainly, since it's Zuckface's 'product'.

  • (Score: 5, Interesting) by mth on Thursday August 04, @09:29AM (3 children)

    by mth (2848) on Thursday August 04, @09:29AM (#1264898)

    This is wrong on so many levels.

    My first reaction was that it's the hospital's fault for having a tracking pixel on their site in the first place. They are supposed to handle their patients' data carefully and sending any kind of patient data to Meta conflicts with that. I still think they're the main culprit here.

    Reading the articles, it seems though that Meta was aware of sensitive data being sent their way and instead of telling the hospitals to stop doing that and discarding all data sent by the hospitals, they implemented a filter which doesn't actually guarantee that no sensitive data is stored but gives them a way to pretend that they care. I hope the judge will see through that.

    Then I wondered how the tracking pixel got on the hospital portals. Apparently it was part of an ad integration, but why are hospitals running ads on their patient portals? The heavy commercialization of health care looks like an underlying cause, a pre-existing condition if you will.

    • (Score: 2) by DannyB on Thursday August 04, @02:37PM (2 children)

      by DannyB (5839) on Thursday August 04, @02:37PM (#1264920)

      To avoid conflict of interest do not allow medical advice, doctors or drugs to be advertised on hospital portals.

      Problem fixed.

      Now ads on hospital portals will look like:

      Have you been injured in an accident? Do you need help in recovering damages you are owed by the party who caused you harm?

      --
      Islamic Fatwas = BAD; MAGA Fatwas for FBI and Judges = GOOD ?
      • (Score: 0) by Anonymous Coward on Thursday August 04, @08:43PM (1 child)

        by Anonymous Coward on Thursday August 04, @08:43PM (#1264967)

        Hey, you saw the same ad I did from the law firm of Dewey, Cheatum, and Howe!

        • (Score: 2) by jb on Friday August 05, @04:26AM

          by jb (338) on Friday August 05, @04:26AM (#1265037)

          Hey, you saw the same ad I did from the law firm of Dewey, Cheatum, and Howe!

          Must have had a change of partners recently then. I seem to recall the firm as Billem, Cheatham & Lye.
