The news: A tracking tool on at least 33 US hospital websites is sending sensitive health information to Facebook, according to a test conducted by The Markup and STAT.
What’s a Meta Pixel tracker? It’s Meta’s ad-tracking tool, which lets companies track visitor activity and understand the actions visitors take on their websites.
The Markup found that whenever someone clicked a button to make an appointment on the 33 hospital websites, the Meta Pixel sent “a packet of data” to Facebook. This data is connected to an IP address, which can be linked to an individual household.
The big takeaway: The privacy leak could be a breach of HIPAA and cost health systems millions.
The Meta Pixel blunder could come with a hefty price tag for the hospitals involved if patients decide to take legal action against their hospital for an alleged HIPAA violation. In fact, the average cost of a healthcare data breach is now $9.42 million, per the HIPAA Journal.
Meta isn’t required to adhere to patient privacy laws like HIPAA, but hospitals are. The only workaround for sharing patient data is to de-identify it before sharing it with a third party.