Photo Credit: pexels
Facebook and other social media platforms may be sharing some of your most sensitive and private health information, and you don’t even know it. According to a recent study published in a well-respected data science journal, members of online patient communities are particularly at risk. As soon as these patients land on any type of healthcare-related website, information about their activity is being collected online and then potentially shared with Facebook and third-party advertisers.
The right to health privacy
When confronted with the study’s findings, the healthcare companies at the center of the privacy fiasco quickly found a few ways to explain away any possible HIPAA violations. One healthcare company, for example, claimed that it was not a “healthcare provider.” Instead, it was a “healthcare publisher,” and thus was not bound by any stringent HIPAA regulations. Another healthcare company stated that it had instituted all sorts of measures – such as pop-up warnings and warning statements all over the website – to help prevent this type of outcome. If patients shared personal information, they suggested, it was because they gave their consent and had opted-in, so they are not to blame.
Is Facebook culpable?
Facebook, as might be expected, also claims that it was not to blame here. After all, companies were not directly sharing the health data of their patients and clients with them. Rather, they were using this health data to design better ads. So, Facebook was only receiving the information indirectly, and certainly not in a way that identified any of the patients by name. Facebook claims the fault is with the healthcare providers because they specifically tell all of their advertising partners: do not share private and sensitive information with us.
But let’s use some rational logic here. If a healthcare company collects all sorts of information about a cancer patient, such as information about which links on a website they clicked, or which websites they visited after leaving their site, then they really shouldn’t be using that information to target these patients with ads later. That’s just unethical, even if it may not be illegal. It’s certainly acceptable for them to use this information for purely internal purposes if it helps them improve the overall patient experience. But a healthcare company shouldn’t be able to go to Facebook and say, “Hey, Mark Zuckerberg, help us find some more cancer patients using all this new data we have about their health issues.”
A final warning for Facebook
Sometimes, it seems like the whole system is broken when it comes to advertising on social media. Facebook wants to make as much money as possible from selling ads, and companies want to add as many new clients and customers from buying ads. Right now, their business goals seem to align. But it seems like nobody is watching out for the people who are at the center of these advertising transactions.
At the end of the day, your sensitive health information is probably not safe from Facebook. And it looks like the data sharing will never stop unless tougher measures are used. Maybe it’s time to strengthen the HIPAA privacy law, or maybe it’s time to introduce other measures to make all this data-sharing go away. If social media companies won’t self-regulate, then the task may fall to the government to regulate them even more extensively.