The Markup Discovered Hospital Use of Meta Pixel Sharing Patient Sensitive Data

A recent test conducted by independent journalism site, The Markup, discovered 33% of the hospitals rated to be the “Best in the United States” by Newsweek were found to be sending consumer’s private medical data to Facebook via Facebook/Meta’s  popular website tool, Meta Pixel.

The Use of Meta Pixel by Hospitals

Meta Pixel, previously known as Facebook Pixel up until about February 2022, is a popular website analytics tool. Website analytics tools are incredibly important to determine how to best drive traffic and capture audiences on the web. Meta Pixel is an incredibly popular tool and is perhaps best known for its expertise in “remarketing.” Remarketing is an advertising strategy with which you are probably familiar. Remarketing is the strategy which reminds shoppers if they have left items in their shopping cart.

The Markup was able to determine that, when patients scheduled appointments on hospital websites, Facebook was receiving that information. Via Meta Pixel, Facebook was able to receive the information because Meta Pixel was tracking the appointment scheduling. Many of the hospitals also had various other trackers on their websites. By reviewing the IP addresses sent to Facebook, The Markup was able to determine that hospitals were sending the information such as patient IP addresses, doctors visited, appointment information, and sometimes the first and last name of the patient.

With the patients sometimes being children, among other breaches, experts say that Meta could be in violation of The Health Insurance Portability and Accountability Act, popularly known as “HIPAA,” which is responsible for the lion share of privacy protection in the healthcare industry. 

The Markup noted that, when it reached out to certain hospitals, Mega Pixel and other trackers for big name websites, such as Google or Salesforce, remained.

Meta Pixel and FAFSA Data

This is not the first time Meta Pixel has come under federal scrutiny.  In 2018, Facebook responded to government inquiries regarding Mega Pixel, admitting that the tool was working on more than two million websites. The Markup similarly revealed that Meta Pixel was embedded in the Department of Education’s federal student aid application site, which meant that Meta was receiving personal information regarding FAFSA.

Meta has tried to deflect responsibility for the potential privacy breaches, preferring to shift the blame to the companies that embed Meta Pixel into their websites. Meta has stated that it is against their company policy to receive such sensitive data and that its systems are designed to block and filter out sensitive information to avoid liability.

Reluctancy by Website Owners to Stop Use of Meta Pixel Tool

Despite all of this, most advertisers are still reluctant to remove Meta Pixel from their websites due to the lucrative leads it provides. As targeted ads comprise the majority of revenue earned by websites, it makes sense that these websites, even hospitals, are reluctant to remove the web tool. While the Markup is doing admirable work in uncovering the data collection oversight, many privacy experts worry that, with this revelation, such sensitive data could now be vulnerable to attack by hackers.  Moreover, experts note that child patients have no control over the dissemination of their personal information if a parent chooses to use the offending websites.

Hopefully, the hospitals and the Department of Education decide to remove Meta Pixel now that it has been demonstrated that they are not safeguarding the sensitive information of visitors to their page. As such, it behooves counsel to become educated regarding this revelation and to lobby for the removal or editing of Meta Pixel.

Key Takeaways on the Use of the Meta Pixel Tool on Consumer Websites

Meta Pixel is a popular website analytics tool that has been revealed to be leaking private information and data. Consumers should be aware that:

• Meta Pixel provides websites with targeted advertising leads and website owners are reluctant to stop use of the tool;

• Many companies, including hospitals continue to operate Meta Pixel with impunity even though it is possible HIPAA violations have occurred with such use; and

• Meta Pixel defends by indicating it is against its policy to receive sensitive data and pushes blame to the users of the tool.

For more information about data privacy, see our Technology Law Services and Industry Focused Legal Solutions pages.