Meta gathered people’s private medical data to show them ads on Facebook, lawsuit alleges
The Meta Pixel, which tracks users across the internet, was used on 33 of the top 100 hospital websites in the US
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Meta is being sued for collecting data from US hospitals without users’ knowledge, two new lawsuits allege.
The claims focus on the Meta Pixel, which sends Facebook data whenever they click a button.
A recent report from The Markup found that the pixel was used on 33 of the top 100 hospitals in America. The data that is sent to Facebook includes an IP address, meaning that the user or their household could be identified.
At seven of these 33 hospitals, the pixel was installed on password-protected patient portals – sharing information including the names of patients’ medications, descriptions of their allergic reactions, and details about their upcoming doctor’s appointments. Some hospitals removed the pixels after The Markup’s report.
One lawsuit alleges that medical information was sent to Facebook via the pixel from the University of California San Francisco and Dignity Health patient portals, which resulted in her seeing adverts for her heart and knee conditions – some of which had no scientific support.
United States medical privacy law states that healthcare organisations need the patient’s consent to share identifiable information to outside groups, with the lawsuits alleging that Meta is knowingly not enforcing these policies.
Meta did not respond to The Independent’s request for comment before time of publication and did not answer questions sent by The Markup.
Instead, a spokesperson paraphrased the company’s sensitive health data policy: “If Meta’s signals filtering systems detect that a business is sending potentially sensitive health data from their app or website through their use of Meta Business Tools, which in some cases can happen in error, that potentially sensitive data will be removed before it can be stored in our ads systems”.
“I am deeply troubled by what [the hospitals] are doing with the capture of their data and the sharing of it,” said David Holtzman, a health privacy consultant who previously served as a senior privacy adviser in the US Department of Health and Human Services’ Office for Civil Rights, which enforces HIPAA, told The Markup.
“I cannot say [sharing this data] is for certain a HIPAA violation. It is quite likely a HIPAA violation.”
The lawsuits have not yet been certified as class actions, which a judge will need to do before they cand develop, but if they do, they could bring damages on behalf of all users whose medical providers have used the pixel.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments