The biggest of the social media giants is Facebook. It has almost 3 billion monthly active users! That makes it one of the most important platforms for making the world as connected as it is now. Connecting with someone or a piece of information on Facebook is easy. To enable that for its users, Facebook needs to connect itself with information.

But how far can the company go to provide such services? That is a big question now because Facebook once again found itself in the hot seat.

Does Facebook Really Gather Confidential Health Data?

Facebook CEO Mark Zuckerberg says the people in his company “lovingly” call him the “Eye of Sauron.” He claims it is because of how he can focus on something. But is that the nickname’s real meaning? Users’ interpretation is that it means he sees everything. The latest controversy did not help change this interpretation.

The Markup Investigation Found A Facebook Tracker in Hospitals

Suppose you are sick. Many things are now done online, including scheduling an appointment with a doctor. So, you’ll probably go that route too.

When you book an appointment, who do you expect would know about it? You would think it would be only you, the doctor, and the hospital. Unfortunately, if you did it on the website of a hospital in Newsweek’s top 100, it may not be the case. The Markup investigated and found that 33 hospitals in that list send sensitive data to Facebook.

The hospitals send Facebook a packet of data using an ad tracking tool called “Meta Pixel” built into their systems. These data packets contain sensitive information such as the patient’s name and IP address.

Froedtert Hospital in Wisconsin is one of the guilty hospitals. Clicking the “Schedule Online Now” button on its website prompts Meta Pixel to send Facebook some information. The tool notifies Facebook about the text on the button, the doctor’s name, and the condition selected on the dropdown menu.

The website of University Hospitals Cleveland Medical Center does the same when people click the “Schedule Online” button. But instead of the condition from a dropdown menu, it sends the term the person used to find the doctor.

And the craziness does not end there. The Markup found Meta Pixel is also installed in seven health systems’ password-protected patient portals.

Real patients helped The Markup find that by volunteering for the Pixel Hunt Project. It is a crowd-sourced project where anyone can install Mozilla’s Rally browser add-on to send The Markup data about Meta Pixel. On five of the seven systems, The Markup found Meta Pixel sending data about the volunteers to Facebook. The information sent includes the names of the patient’s medications, descriptions of allergic reactions, and details about upcoming appointments.

The Hospitals Violated HIPAA

Health data security experts, former regulators, and privacy advocates reviewed The Markup’s report. They all agree that the 33 hospitals may have violated the federal Health Insurance Portability and Accountability Act (HIPAA).

HIPAA is a law that doesn’t allow covered entities like hospitals to share personally identifiable information with third parties unless there is consent. And that’s what the hospitals in question did. They sent data to Facebook, a third party, without informing the patients about it. The Markup found no evidence that Meta or the hospitals are obtaining patients’ consent. Furthermore, no contract that allows them to do that is in place.

David Holtzman is one of the health privacy consultants who spoke about this. He served as a senior privacy adviser in the U.S. Department of Health and Human Services Office for Civil Rights. That is the department that enforces HIPAA.

Holtzman says what’s going on on hospitals’ websites troubles him. However, he can’t say for certain that it is a HIPAA violation, though he says it is “likely a HIPAA violation.”

Froedtert Hospital removed Meta Pixel from its website after reviewing The Markup’s findings. In a statement, Steve Schooff, a spokesperson for the hospital, wrote that it is “out of an abundance of caution.”

By June 15, six other hospitals and five health systems removed Meta Pixel from their websites.

To be clear, Facebook is not subject to HIPAA. However, the experts are concerned about how it may use the collected data for its own profit.

Meta Hit With A Class Action Lawsuit

Everyone who heard the story from The Markup knew this was coming. And here it is.

An anonymous patient of Baltimore’s MedStar Health System filed the case in the Northern District of California. They did it on behalf of “millions of Americans whose medical privacy has been violated by Facebook’s Pixel tracking tool.”

The Markup and the experts it worked with said it is likely a HIPAA violation. On the other hand, the class action is more explicit with its claims.

The plaintiff in the lawsuit wrote that Facebook is aware that it is receiving patient data without the patients’ knowledge. It also does not have consent or valid HIPAA authorizations.

The plaintiff identified at least 664 hospital systems or medical provider web properties that sent data to Facebook via Meta Pixel. So, the plaintiff asked the court to award compensatory and punitive damages related to an alleged breach of contract and constitutional invasion of privacy. Violations of the California Invasion of Privacy Act and the Electronic Communications Privacy Act are also cited as reasons.

What Does Facebook Say

The Markup sent questions to Facebook regarding how it uses the data collected through Meta Pixel. Meta (Facebook’s parent company) did not respond to the questions. However, it referenced its policy to remove potentially sensitive health data via the filtering tool. Unfortunately, The Markup noted the tool’s poor accuracy.

Facebook acknowledges that the Meta Pixel and other tracking tools collect users’ personally identifiable information. It is in the platform’s business tools terms of service.


Facebook indeed does gather confidential health data. And it is concerning, especially because it is not transparent about how it uses the gathered data. It could be for targeting the patients with ads, helping the company profit from it.
