Senator asks Mark Zuckerberg about Meta’s health data collection policies

U.S. Sen. Mark R. Warner, D-Va., raised concerns this week about the tracking and collection of patient health data by Facebook parent company Meta.

In an Oct. 20 letter sent to Meta CEO Mark Zuckerberg, Senator Warner posed a series of questions about patient privacy and the company’s collection practices.

Specifically, Warner said he was concerned about a small piece of code whose use in health websites and apps has raised concerns in recent months.

“I am writing to you today to express my concern over Meta’s collection of sensitive health information through the Meta Pixel tracking tool without user consent,” Warner wrote.

“As you know, I have long worked to protect user privacy and increase transparency about how user data is collected and shared,” he said. “This mission is more urgent than ever as the past two years have shown us the importance of health technology, with many patients relying on electronic health records, online appointment booking and virtual patient portals to receive care during the pandemic.”

Warner elaborated on his concerns over recent allegations that healthcare consumer data collected by the Meta Pixel aided in the deployment of user-targeted advertisements on Meta’s platforms.

“Use of the Meta Pixel is widespread, as the tool was installed in the systems of 33 of the nation’s top 100 hospitals and inside the patient portals of seven health systems at the time of the survey,” Warner said.

“It’s critical that technology companies like Meta take their role in protecting users’ health data seriously,” he said. “Without meaningful action, I fear that these persistent privacy violations and harmful uses of health data will become the new status quo in healthcare and public health.”

As such, the senator asked Zuckerberg to answer seven questions before November 3:

  • What information does Meta access or receive directly from Meta Pixel, currently or previously?

  • How does Meta store the information received via the Meta Pixel?

  • Has the information Meta received from the Meta Pixel ever been used to inform targeted advertisements on Meta’s platforms?

  • How does Meta handle sensitive information it receives from third parties that violate its business guidelines?

  • What steps does Meta take to protect sensitive health information, especially with third-party vendors? Since The Markup’s report was published in June, what additional steps have been taken?

  • According to the report released last year by the New York State Department of Financial Services, Meta said the screening system “is not yet working with full accuracy.” What improvements have been made to make the filtering system more efficient? How does Meta test and evaluate the filtering system’s ability to identify sensitive health information?

  • Where required by law, does Meta always comply with all notice requirements when the Meta Pixel processes or transmits protected information, in the manner and within the time required by such laws?

Senator Warner’s letter comes the same week as news of a potential data breach at Illinois- and Wisconsin-based Advocate Aurora Health that allegedly involved pixel tracking technology. The breach could affect up to 3 million people.

“We have learned that pixels or similar technologies installed on our patient portals available through the MyChart and LiveWell websites and apps, as well as on some of our scheduling widgets, transmit certain patient information to third-party vendors who provide us with pixel technology,” Advocate Aurora officials said in a data breach notice.

They told patients that different users may have been affected in different ways, depending on “their choice of browser; the configuration of their browsers; their blocking, deletion or use of cookies; whether they have Facebook or Google accounts; whether they were logged into Facebook or Google; and the specific actions performed on the platform by the user.”

In response, the health system “disabled and/or removed pixels from our platforms and launched an internal investigation to better understand what patient information was passed to our vendors.”

Warner has prioritized patient protections around user data and privacy, and introduced bipartisan legislation on Capitol Hill, the 2019 DASHBOARD Act, which aims to increase transparency around data collection.

Other bills he has co-sponsored include the DETOUR Act of 2021, which would ban companies such as Meta from using “dark patterns” to manipulate users into sharing their data.

And the Public Health Emergency Privacy Act of 2021 would strengthen data security safeguards and rights around contact tracing, home testing, online appointment booking, and more.

“I am disturbed by the recent revelation that the Meta Pixel was installed on a number of hospital websites – including password-protected patient portals – and was sending sensitive health information to Meta when a patient made an appointment online,” Senator Warner wrote.

“This data included highly personal health data, including patients’ medical conditions, appointment subjects, doctors’ names, email addresses, phone numbers, IP addresses and other details on patients’ medical appointments.”

In a new era of telehealth and virtual care, patient-generated health data, digital therapies and other consumer-driven innovations, these concerns are very real, he said.

“As we increasingly move healthcare online, we need to ensure that strong safeguards are in place around the use of these technologies to protect sensitive healthcare information,” Warner said.

Twitter: @MikeMilliardHITN

Healthcare IT News is a HIMSS publication.