SoylentNews is people
SoylentNews
A tracking tool installed on many hospitals' websites has been collecting patients' sensitive health information—including details about their medical conditions, prescriptions, and doctor's appointments—and sending it to Facebook. The Markup tested the websites of Newsweek's top 100 hospitals in America. On 33 of them we found the tracker, called the Meta Pixel, sending Facebook a packet of data whenever a person clicked a button to schedule a doctor's appointment. The data is connected to an IP address—an identifier that's like a computer's mailing address and can generally be linked to a specific individual or household—creating an intimate receipt of the appointment request for Facebook.
[...] The Meta Pixel sends information to Facebook via scripts running in a person's internet browser, so each data packet comes labeled with an IP address that can be used in combination with other data to identify an individual or household.
HIPAA lists IP addresses as one of the 18 identifiers that, when linked to information about a person's health conditions, care, or payment, can qualify the data as protected health information. Unlike anonymized or aggregate health data, hospitals can't share protected health information with third parties except under the strict terms of business associate agreements that restrict how the data can be used.
In addition, if a patient is logged in to Facebook when they visit a hospital's website where a Meta Pixel is installed, some browsers will attach third-party cookies—another tracking mechanism—that allow Meta to link pixel data to specific Facebook accounts.
[...] Houston Methodist Hospital, in Texas, was the only institution to provide detailed responses to The Markup's questions. The hospital began using the pixel in 2017, spokesperson Stefanie Asin wrote, and is "confident" in Facebook's safeguards and that the data being shared isn't protected health information.
[...] Asin added that Houston Methodist believes Facebook "uses tools to detect and reject any health information, providing a barrier that prevents passage of [protected health information]."
[...] "The evil genius of Facebook's system is they create this little piece of code that does the snooping for them and then they just put it out into the universe and Facebook can try to claim plausible deniability," said Alan Butler, executive director of the Electronic Privacy Information Center. "The fact that this is out there in the wild on the websites of hospitals is evidence of how broken the rules are."
(Score: 2) by istartedi on Monday June 20 2022, @11:38PM
I've seen this kind of stuff going on with Covered California's web site. It looks a little better now, but when I go there and check NoScript it still hits bing.com, doubleclick.net and a few other things that look sus.
They took the Twitter link off, but they have a link to their FaceBook page. I don't see any FaceBook specific looking domains; but like I said it still looks bad.
Seriously, who wants to post about their health insurance anyway?
I think some of this is there because "programming is hard, let's go shopping". So the developers of these sites go to frameworks developed by big companies because they know how to use them. Trackers come along for the ride like Boba Fett floating amidst the garbage dumped by the Big Tech battle cruisers.
Appended to the end of comments you post. Max: 120 chars.