posted by hubie on Sunday September 25, @08:43AM
from the ask-me-no-questions-and-I'll-tell-you-no-lies dept.

Meta Faces Mounting Questions from Congress on Health Data Privacy As Hospitals Remove Facebook Tracker – The Markup:

Meta is facing mounting questions about its access to sensitive medical data following a Markup investigation that found the company's pixel tracking tool collecting details about patients' doctor's appointments, prescriptions, and health conditions on hospital websites.

During a Senate Homeland Security and Governmental Affairs Committee hearing on Wednesday, Sen. Jon Ossoff (D-GA) requested that Meta—the parent company of Facebook and Instagram—provide a "comprehensive and precise" accounting of the medical information it keeps on users.

[...] In response to Ossoff's question about whether Meta has medical or health care data about its users, Meta chief product officer Chris Cox responded, "Not to my knowledge." Cox also promised to follow up with a written response to the committee.

[...] "Advertisers should not send sensitive information about people through our Business Tools," Meta spokesperson Dale Hogan wrote to The Markup in an emailed statement. "Doing so is against our policies and we educate advertisers on properly setting up Business tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect."

Meanwhile, developments in another legal case suggest Meta may have a hard time providing the Senate committee with a complete account of the sensitive health data it holds on users.

In March, two Meta employees testifying in a case about the Cambridge Analytica scandal told the U.S. District Court for the Northern District of California that it would be very difficult for the company to track down all the data associated with a single user account.

[...] The engineers' comments echo the same worries expressed in a 2021 privacy memo written by Facebook engineers that was leaked to Vice.

"We do not have an adequate level of control and explainability over how our systems use data, and thus we can't confidently make controlled policy changes or external commitments such as 'we will not use X data for Y purpose,' " the memo's authors wrote.

Previously:
    Meta Faces Lawsuit for Allegedly Collecting Patient Health Data Without Consent
    Facebook is Receiving Sensitive Medical Information From Hospital Websites – the Markup



Related Stories

Facebook is Receiving Sensitive Medical Information From Hospital Websites – the Markup 31 comments

Experts say some hospitals' use of an ad tracking tool may violate a federal law protecting health information:

A tracking tool installed on many hospitals' websites has been collecting patients' sensitive health information—including details about their medical conditions, prescriptions, and doctor's appointments—and sending it to Facebook. The Markup tested the websites of Newsweek's top 100 hospitals in America. On 33 of them we found the tracker, called the Meta Pixel, sending Facebook a packet of data whenever a person clicked a button to schedule a doctor's appointment. The data is connected to an IP address—an identifier that's like a computer's mailing address and can generally be linked to a specific individual or household—creating an intimate receipt of the appointment request for Facebook.

[...] The Meta Pixel sends information to Facebook via scripts running in a person's internet browser, so each data packet comes labeled with an IP address that can be used in combination with other data to identify an individual or household.

HIPAA lists IP addresses as one of the 18 identifiers that, when linked to information about a person's health conditions, care, or payment, can qualify the data as protected health information. Unlike anonymized or aggregate health data, hospitals can't share protected health information with third parties except under the strict terms of business associate agreements that restrict how the data can be used.

In addition, if a patient is logged in to Facebook when they visit a hospital's website where a Meta Pixel is installed, some browsers will attach third-party cookies—another tracking mechanism—that allow Meta to link pixel data to specific Facebook accounts.

Meta Faces Lawsuit for Allegedly Collecting Patient Health Data Without Consent 11 comments

Facebook may have violated patient privacy laws:

Meta may have scooped up sensitive medical information without consent. The Verge reports that two proposed class-action lawsuits accuse the company and hospitals of violating HIPAA, the California Invasion of Privacy Act and other laws by collecting patient data without consent. Meta's Pixel analytic tracking tool allegedly sent health statuses, appointment details and other data to Facebook when it was present on patient portals.

In one lawsuit from last month, a patient said Pixel gathered data from the UC San Francisco and Dignity Health portals that was used to deliver ads related to heart and knee issues. The second lawsuit, from June, is broader and claims at least 664 providers shared medical info with Facebook through Pixel.

[...] They also follow a string of privacy-related US legal action against the social media giant. Meta is facing a DC Attorney General suit over Cambridge Analytica's collection of more than 70 million Americans' personal data. The company is also grappling with lawsuits over its deactivated facial recognition system, and only this year settled a 2012 class-action over the use of tracking cookies. These latest courtroom battles suggest that concerns about Meta's data gathering practices are far from over, even as the company makes its own efforts to crack down on misuse.

Previously: Facebook is Receiving Sensitive Medical Information From Hospital Websites – the Markup



This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by maxwell demon on Sunday September 25, @09:16AM (3 children)

    by maxwell demon (1608) on Sunday September 25, @09:16AM (#1273537)

    "Advertisers should not send sensitive information about people through our Business Tools," Meta spokesperson Dale Hogan wrote to The Markup in an emailed statement.

    Then they should design their tools so that no sucking of information through them is possible. Oh wait, stealing private information is their business model; it's just that they want to avoid that part of the information that could land them in legal trouble (or at least, they want to appear avoiding them).

    "We do not have an adequate level of control and explainability over how our systems use data, and thus we can't confidently make controlled policy changes or external commitments such as 'we will not use X data for Y purpose,' " the memo's authors wrote.

    The adequate level would be: "We don't read any data you don't explicitly give to us, and we only use the data you give us in ways you obviously intended them to be used." Easy to formulate, easy to implement, easy to control.

    Anything beyond that is data theft.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 4, Insightful) by bzipitidoo on Sunday September 25, @01:26PM (2 children)

      by bzipitidoo (4388) on Sunday September 25, @01:26PM (#1273558)

      Don't call this "theft", call it "stalking", or perhaps "voyeurism" or "privacy violation" or "snooping". I'd go for "mass digital stalking" myself.

      What they do with all this info is gossip about it, for $. But there are obviously darker uses. Health info can be particularly sensitive. Most animals try to hide injury and illness. Don't want predators to know at a glance that they are easy prey. I've tried to be careful by not much using FB myself, however, I have found that strategy to be of limited effectiveness thanks to loose lipped relatives and friends. Another strategy is to use cash especially at places such as the drugstore. But the way our medical system works, if you need a prescription, you were already compromised before you walked through the door.

      I find it alarming that enemies and opportunists can so easily acquire the sorts of details that lend themselves to exploitation and abuse. One of the possibilities that concerns me somewhat is whether violence inclined fascists could be compiling lists of people they consider to be traitors, and whether I and my family and friends might be put on such a list. We're not quite to the point of having to wear yellow Stars of David. But now, there's little need for such crude measures. To virtually mark people, likely there are apps for that.

      • (Score: 0) by Anonymous Coward on Sunday September 25, @05:52PM

        by Anonymous Coward on Sunday September 25, @05:52PM (#1273582)

        We're not quite to the point of having to wear yellow Stars of David. But now, there's little need for such crude measures. To virtually mark people, likely there are apps for that.

        The mark (number) [wikipedia.org] of the beast [biblestudytools.com].

      • (Score: 4, Interesting) by stretch611 on Sunday September 25, @06:34PM

        by stretch611 (6199) on Sunday September 25, @06:34PM (#1273594)

        the way our medical system works, if you need a prescription, you were already compromised before you walked through the door.

        How true this is...

        A few months ago I was in my Primary care doctor's office. I was asked by the nurse what drug a specialist had prescribed me. I could not remember the name so she logged in to my insurance carrier's website, looked it up, and got a complete list of every drug that I had filled with my insurance plan. As an IT professional, I was not surprised and this merely confirmed what I expected.

        This is why we have and need HIPAA laws. (And truthfully why they should be expanded for better privacy protection rights)

        If you get a prescription it is going into a ton of databases including...
        - the drug store/chain
        - your insurance carrier
        - your doctor
        - your credit card company
        - that "free" drug savings card you picked up to find "cheap" drugs
        - your state government (In theory to only look to make sure you don't abuse certain prescriptions and things like pseudoephedrine... in theory)

        Good Luck avoiding all those databases as well... Unless you are filthy rich how are you ever going to pay for an expensive prescription without an insurance plan, savings card, and/or credit card?

        And have you noticed that every single one of those drug cards to make you pay as little as $5/month for a co-pay ALWAYS ask for your social security number?

        --
        Now with 5 covid vaccine shots/boosters altering my DNA :P
  • (Score: 4, Interesting) by drussell on Sunday September 25, @02:08PM (3 children)

    by drussell (2678) on Sunday September 25, @02:08PM (#1273559)

    Part of the problem leading to specific things like this happening is the US's absurd profit-based medical care industry in general. Normal countries don't have hospitals or "care networks" that advertise, compete for patient dollars, and therefore fall into the typical retail-shopping type traps of tracking what shoppers do, what they look for, that whole loyalty-card mentality, etc. in order to sell them more stuff at that carefully "optimized" price point to make the most profit with the least expenditure on actual care.

    Why the fuck would a hospital or doctors' office have anything to do with facebook in the first place?!!

    In so many ways on things like this, your country is absolutely absurd!!

    • (Score: 2) by RS3 on Sunday September 25, @05:45PM (2 children)

      by RS3 (6367) on Sunday September 25, @05:45PM (#1273581)

      Why the fuck would a hospital or doctors' office have anything to do with facebook in the first place?!!

      Your question communicates my also-held sentiment: it makes no sense. However, we have this societal behavior of doing what everyone else is doing. "Keeping up with the Joneses". Fads, trends, things that are "viral", trying to look cool, hip, with-it, socially savvy, yet another advertising vehicle, etc. It all sickens me because I had hoped people and society would have become more intellectual by now, especially medicine.

      I like the concept of Facebook, Twitter, etc., if _ALL_ of my information was truly strictly private by default. Many people I know, including my (late) mom have found and kept in touch with family and friends, so if it were properly regulated it would be a great thing.

      I'm proud to say I've never had a facebork account. I quickly learned in the late '90s how insecure and untrustworthy websites could be with any personal information. For years I'd put fake info into any website that demanded personal information, like just to download freeware utilities, patches / updates, etc.

      Also, I've read a few "privacy" agreements, and as I've posted before, they all say "we value your privacy" (meaning, your privacy, or lack thereof, will get turned into value for us). Then they go on to say they'll share your info with their "trusted partners". Wait a minute, who are these "trusted partners"?? And what are their privacy policies? Of course, we never get to know, so there's no end to the journey our information takes.

      What concerns me the most, besides the obvious lack of privacy, is: who wants my data, and for what purpose? "Advertising" is a ruse, something else is going on.

      At the very best, our "government" is very slow to react to things like this. It may be they're spread too thin. It may also partly be they're afraid to mess with economic engines. I'm starting to wonder if we need a Constitutional Amendment guaranteeing personal privacy, much like HIPAA but all-inclusive.

      I'm very happy to see Europe working against this sick voyeurism. Please keep up the good fight.

      • (Score: 2) by stretch611 on Sunday September 25, @06:41PM (1 child)

        by stretch611 (6199) on Sunday September 25, @06:41PM (#1273597)

        For years I'd put fake info into any website that demanded personal information

        I hope you did not stop. I still do this.

        The only sites that actually have my real birthday are my credit union and my broker... and they had that data when I opened an account up in person.

        Everything else has fake data.

        --
        Now with 5 covid vaccine shots/boosters altering my DNA :P
        • (Score: 2) by RS3 on Sunday September 25, @07:22PM

          by RS3 (6367) on Sunday September 25, @07:22PM (#1273603)

          I rarely need to enter personal info. Any site that asks for it gets bypassed and I move on. If there's no way around it, Boo Boo Bear it is. :) He lives in Jellystone Park.

          Unless it's very legitimate. This site has one of my legit email addresses, so does green site, ebay, paypal, mortgage company, and a very few others I can't think of right now.

          Email provider forced me into 2FA so I made up birthdates, last names, whatever else they tried to force out of me. They already somehow datamined phone numbers that are wrong. So did ebay. I've tried to communicate with them that phone numbers are very insecure but everyone seems fixated on getting your "mobile number". Mine has changed several times, and I plan to change it soon. I try to tell people that 1) cell numbers are very easy to change (just buy a new account), and 2) very easily hacked (compared to hard-line). I get effectively a blank stare (non-response). They're all indoctrinated to believe SMS is super secure and NOBODY else could ever get your text containing a critical passcode or other sensitive information. Ever hear of entering the wrong number? Hello, is anyone awake out there? Ever hear of hacking?

          Effing paypal- right on their website they say you don't have to give a phone number. I never did, but they do everything they can to try to force it out of me. They say you can delete it (the totally incorrect one they datamined) but you can not. You can change it, but never delete it despite the lie on the previous webpage saying you can.

          A practice that's bugging me is for example new Dr. office has too much of my info online. I'm not aware I gave them that permission, and even if I did, the unknown sharing and insecurity of it violates HIPAA.

          My hope is the HIPAA violation will (finally) get the US govt. to do their jobs and crack down generally on privacy violation.

          And if they don't, maybe doxing them will help them get the point.

  • (Score: 2) by PiMuNu on Sunday September 25, @06:25PM

    by PiMuNu (3823) on Sunday September 25, @06:25PM (#1273590)

    If you have people who list you as a contact (via WhatsApp, or FriendFace, or now whatever 3D gimmick they are going for) then their healthcare data reflects entirely on you. Because if your contacts have bad health, probability is that you have bad health; and whatever optimisation routines/machine learning/Artificial Stupidity the insurance companies use to drive their pricing will surely pick up on this, if they have not already.

    Same goes for financials and everything else...
