Meta Sued For Violating Patient Privacy With Data Tracking Tool (theverge.com) 37
Facebook's parent company Meta and major US hospitals violated medical privacy laws with a tracking tool that sends health information to Facebook, two proposed class-action lawsuits allege. From a report: The lawsuits, filed in the Northern District of California in June and July, focus on the Meta Pixel tracking tool. The tool can be installed on websites to provide analytics on Facebook and Instagram ads. It also collects information about how people click around and input information into those websites.
An investigation by The Markup in early June found that 33 of the top 100 hospitals in the United States use the Meta Pixel on their websites. At seven hospitals, it was installed on password-protected patient portals. The investigation found that the tool was sending information about patient health conditions, doctor appointments, and medication allergies to Facebook.
"Meta" is short for "Metastasize" (Score:5, Funny)
fitting, isn't it?
Re:"Meta" is short for "Metastasize" (Score:5, Interesting)
It's even funnier in German where "Stasi" was the nickname of the "Ministerium für Staatssicherheit" [wikipedia.org], basically the service that spied on its own citizens in the former GDR.
So Facebook basically becoming the MetaStasi has an additional funny angle in German.
Almost surely a business decision (Score:2)
As for the tracking tool being installed, this is almost surely driven by a business decision that did not receive any technical oversight at the hospital level. Or at least I surely hope that is the case.
As to Meta/Facebook - I used VMs at one point to see what changes were made to them before and after logging in the first time with a brand new account.
I was not pleased with my findings.
Re:Almost surely a business decision (Score:4, Insightful)
Re: (Score:1)
I work in a hospital but not in anything patient related. I'm actually in research and tend to avoid anything clinical, but we still get HIPAA drilled into us. We're regularly reminded about the importance of not letting patient information get into the wrong hands. I find it incredibly hard to believe the hospital OKed letting this stuff go to Meta.
Re: (Score:3)
Then, sorry, but you haven't a clue how a hospital, as a business, operates.
THIS
Running a hospital has nothing to do with taking care of patients' health. I saw that first hand when a few local hospitals were clients of mine.
It's all about the BENJAMINS.
Re: (Score:2)
I have some idea how a hospital operates as a business entity. One of the things that is drilled into us in HIPAA training is it isn't just employees who face penalties if protected patient information is disclosed. Their employer can face huge fines, too. That's why they spend so much time training us! If it were only the employees who would be penalized, the hospital would do the bare minimum. Because the hospital faces serious penalties, they take the training very seriously. HIPAA was written that
another scandal.. business as usual (Score:5, Insightful)
Re: (Score:3)
Re:another scandal.. business as usual (Score:5, Insightful)
While HIPAA definitely has teeth, I'll be surprised if Meta is considered a covered entity according to the law. The hospitals are likely in way more trouble than Meta is. I agree they should be held accountable, but Meta really is just as guilty here.
Re:another scandal.. business as usual (Score:5, Informative)
A business associate may use or disclose protected health information only as permitted or required by its business associate contract or other arrangement pursuant to 164.504(e) or as required by law. The business associate may not use or disclose protected health information in a manner that would violate the requirements of this subpart, if done by the covered entity, except for the purposes specified under 164.504(e)(2)(i)(A) or (B) if such uses or disclosures are permitted by its contract or other arrangement.
Re: (Score:2, Informative)
Facebook isn't the medical provider, and thus isn't subject to HIPAA. The hospitals, however, are, and should be held brutally accountable. (And they, in turn, may well have a case against Facebook, if lies were told by their marketing droids.)
Re:another scandal.. business as usual (Score:5, Insightful)
Re: (Score:2)
True. Health plans and healthcare clearinghouses are, as well. Facebook is neither.
Re: (Score:2)
Re: (Score:2, Informative)
Re: (Score:3)
HIPAA covers the type of information, who's stealing it is not relevant.
You are mistaken. [hhs.gov]
From the authoritative source - the government agency that enforces the law:
"A Covered Entity is one of the following:
A Health Care Provider
A Health Plan
A Health Care Clearinghouse"
Facebook is none of these entities.
The hospitals have quite a bit of culpability here for not fully understanding what was being leaked from their websites. If, however, it comes back that Facebook failed to disclose the data they were harvesting (aka lying), there are deeper ramifications, perhaps fraud.
None of which are HIPAA related in any way.
Re: (Score:2)
Re: (Score:1)
This is a blatant HIPAA violation. It demonstrates FB’s complete lack of regard for existing laws and basic security (yours that is). This is the face of unrepentant greed, profit at any cost, sell your mother for a buck... aka neoliberal capitalism. We’ll see what happens, but my guess is nothing. Our only recourse is to drop FB. Don’t use their apps or hand your private life to these carpetbaggers.
Also shows just how little accountability employees of these companies have to the public. These employees conjure up the ideas, in the name of profits, knowing full well that if the government cracks down and applies penalties the company C. Corp standing will absorb the penalty while the company rakes in massive profits. This negligence happens all the time, and it's disgusting. Capitalism at its finest.
What is Meta liable for? (Score:1, Troll)
If you buy a book from a bookstore, are you liable if the book contains private medical information? Meta simply bought this information and told the seller to certify that the information is sent with the patient's permission. This is purely the hospital's duty, and only if the hospitals are bankrupt is Meta liable for a violation here.
The second allegation is about Meta using the information for serving ads. This could open up the door to liability for Meta. However, here the patients will have to show an actual harm
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Oh, really? Have you ever gone to a website and seen a notice telling you that your data is being collected and sent to a third party? If so, were you ever given any option to opt out other than leaving the site? The whole point of this issue is that it's being collected without the patient's knowledge or consent.
Re: (Score:3)
Re: (Score:2)
This is all the hospitals' fault. Meta does not own hospital websites. So the liability is with the hospitals, not Meta.
Re: (Score:3)
This is the reason... (Score:2)
Re: (Score:2)
You blocked your browser doing it, but obviously you didn't stop their server doing it. Tracking is done using both client and server-side methods, and it's up to the organization to implement either or both.
Re: (Score:3)
You mean you don't know that there are server-side APIs for all the major so-called pixel tracking services? Are you new?
Well... yeah? (Score:2)
Violating the privacy of its users is basically the business model of the Metastasis.
it's ok they will (Score:2)
Scale of HIPAA Fines (Score:2)