SoylentNews

upstart [soylentnews.org] writes:

████ # This file was generated bot-o-matically! Edit at your own risk. ████

Facebook Is Receiving Sensitive Medical Information from Hospital Websites – The Markup [themarkup.org]:

The Meta Pixel sends information to Facebook via scripts running in a person’s internet browser, so each data packet comes labeled with an IP address that can be used in combination with other data to identify an individual or household [norton.com].

HIPAA lists IP addresses as one of the 18 identifiers [luc.edu] that, when linked to information about a person’s health conditions, care, or payment, can qualify the data as protected health information. Unlike anonymized or aggregate health data, hospitals can’t share protected health information with third parties except under the strict terms of business associate agreements that restrict how the data can be used.

In addition, if a patient is logged in to Facebook when they visit a hospital’s website where a Meta Pixel is installed, some browsers will attach third-party cookies—another tracking mechanism—that allow Meta to link pixel data to specific Facebook accounts.

And in several cases we found—using both dummy accounts created by our reporters and data from Mozilla Rally volunteers—that the Meta Pixel made it even easier to identify patients.

When The Markup clicked the “Finish Booking” button on a Scripps Memorial Hospital doctor’s page, the pixel sent Facebook not just the name of the doctor and her field of medicine but also the first name, last name, email address, phone number, zip code, and city of residence we entered into the booking form.

Original Submission