
Amazon, Facebook, and PHI oh my! – Ep 369 

 August 19, 2022

By  Donna Grindle


In order to protect PHI, you have to know where it is stored and how it comes in, goes out, and moves around your organization. This includes marketing analytics tools used on websites and patient portals, which could be transmitting PHI to social media platforms. Very unnerving, right?



Today’s episode is brought to you by: Kardon and HIPAA for MSPs with Security First IT



Amazon, Facebook, and PHI?

[03:51] Two recent news articles make us think carefully about where all of our PHI could be going right now and in the future.

Facebook Is Receiving Sensitive Medical Information from Hospital Websites – The Markup

The Markup scanned the websites of just over 100 hospitals. 33 of them were identified as sending patient appointment details to Facebook using the Meta Pixel tracking tool.

[15:15] Here are a few examples they shared of what they found:

Clicking the “Schedule Online Now” button for a doctor on the website of Froedtert Hospital, in Wisconsin, prompted the Meta Pixel to send Facebook the text of the button, the doctor’s name, and the condition we selected from a dropdown menu: “Alzheimer’s.”
The Markup also found the Meta Pixel installed inside the password-protected patient portals of seven health systems. On five of those systems’ pages, we documented the pixel sending Facebook data about real patients who volunteered to participate in the Pixel Hunt project, a collaboration between The Markup and Mozilla Rally.
In addition, if a patient is logged in to Facebook when they visit a hospital’s website where a Meta Pixel is installed, some browsers will attach third-party cookies—another tracking mechanism—that allow Meta to link pixel data to specific Facebook accounts.
When The Markup clicked the “Finish Booking” button on a Scripps Memorial Hospital doctor’s page, the pixel sent Facebook not just the name of the doctor and her field of medicine but also the first name, last name, email address, phone number, zip code, and city of residence we entered into the booking form.

The responses from hospitals that answered The Markup team's questions were standard for the most part, but many hospitals did not respond at all. Overall, it seems that none of them understood the risk. Some said they would remove the code that used the Meta Pixel tool from their sites until they could do further evaluation. And, of course, some are taking no responsibility for the risk it poses.
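For a site owner doing that kind of evaluation, one approach is to capture the requests your own pages make and check what is being sent to the pixel. The following is an added example, not code from the episode or from The Markup. It assumes pixel events are sent to www.facebook.com/tr with an "ev" event name and "cd[...]" custom-data parameters; the sample URLs, parameter names and term list are constructed.

```javascript
// Added example: audit captured request URLs for data sent to the Meta Pixel.
// Assumption: events go to www.facebook.com/tr with "ev" and "cd[...]" parameters.
const PIXEL_HOSTS = new Set(["www.facebook.com", "facebook.com"]);
const DETECTORS = [
  { kind: "email", re: /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/i },
  { kind: "phone", re: /\b\d{3}[-. ]?\d{3}[-. ]?\d{4}\b/ },
];

function auditPixelRequests(urls, healthTerms) {
  const findings = [];
  for (const raw of urls) {
    let u;
    try { u = new URL(raw); } catch { continue; } // skip malformed entries
    if (!PIXEL_HOSTS.has(u.hostname) || !/^\/tr\/?$/.test(u.pathname)) continue;
    const event = u.searchParams.get("ev") || "(unknown)";
    for (const [param, value] of u.searchParams) {
      if (param === "ev" || param === "id") continue; // event name and pixel id
      for (const d of DETECTORS) {
        if (d.re.test(value)) findings.push({ event, param, kind: d.kind });
      }
      const lower = value.toLowerCase();
      for (const term of healthTerms) {
        if (lower.includes(term.toLowerCase())) {
          findings.push({ event, param, kind: "health-term:" + term });
        }
      }
    }
  }
  return findings;
}

// Constructed capture, e.g. request URLs taken from a HAR export of your own site.
const SAMPLE_CAPTURE = [
  "https://www.facebook.com/tr/?id=0000000000&ev=SubscribedButtonClick" +
    "&dl=https%3A%2F%2Fhospital.example%2Fdoctors%2Fjane-doe" +
    "&cd%5BbuttonText%5D=Schedule%20Online%20Now&cd%5Bcondition%5D=Alzheimer%27s",
  "https://www.facebook.com/tr/?id=0000000000&ev=Lead" +
    "&cd%5Bemail%5D=pat%40mail.example&cd%5Bphone%5D=555-010-0199",
  "https://cdn.hospital.example/app.js?v=3", // first-party request, ignored
  "https://www.facebook.com/tr/?id=0000000000&ev=PageView" +
    "&dl=https%3A%2F%2Fhospital.example%2F", // pixel request, nothing flagged
];

const HEALTH_TERMS = ["alzheimer", "oncology", "pregnan"]; // constructed term list
const report = auditPixelRequests(SAMPLE_CAPTURE, HEALTH_TERMS);
console.log(report);
```

Any finding means a page is passing that field to a third party, which is the data flow to document or remove.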

[23:22] The Markup team provided excerpts from the hospital responses:

COMBINED hospital comments – DocumentCloud

Here are some examples from the excerpts:

Community Health Network

We are committed to patient privacy, the protection of personal health information, and compliance with all federal, state, and local laws applicable to our business and operations.

Froedtert Hospital

Out of an abundance of caution Froedtert Health has removed Facebook’s, The Meta Pixel, from our website that we had utilized for analytical purposes to help improve our services.

Novant Health

We appreciate you reaching out to us and sharing this information. Our Meta pixel placement is guided by a third party vendor and it has been removed while we continue to look into this matter.

Northwestern Memorial Hospital

The use of this type of code was vetted and is referenced in NM.org’s Terms and Conditions.

Amazon Healthcare Acquisition

[28:52] Another recent news story states Amazon has stepped into the healthcare market by acquiring One Medical. One Medical has more than 8,000 employer clients, 188 in-person locations and provides virtual telehealth services.

Amazon’s Acquisition of One Medical Sparks Health Data Privacy, Security Concerns

Depending on what direction Amazon will go with healthcare services from this acquisition, HIPAA may or may not apply. If they move towards concierge care, which doesn’t take insurance, then HIPAA doesn’t apply. This means they don’t have to keep patients’ information private.

Accessing medical information online and using patient portals to view your own health information is very convenient these days. But are they truly secure and keeping your data private? There are ways to block Meta Pixels and browsers that will block cookies and other tracking tools. So look into those if you want to take action on your own to protect your private data. You can’t always count on your providers to protect it for you.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance, it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
