NHS Shares Patient Data with Facebook Without Consent, Sparking Privacy Concerns
The NHS has been sharing personal details about patients with Facebook without consent, despite promising not to do so.
An investigation by The Observer has found that 20 NHS trusts have been using a tracking tool called Meta Pixel, which collects browsing information and shares it with Facebook.
The data includes details of pages viewed, buttons clicked, and keywords searched, and can be used by Facebook for its own business purposes, such as improving its targeted advertising services.
The information collected could reveal personal medical details and millions of patients are potentially affected.
Eighteen of the 20 NHS trusts that were using Meta Pixel have pulled the tracking tool from their websites, and eight have issued apologies to patients.
The Information Commissioner's Office is investigating.
The findings have caused alarm among privacy experts, who say that the potential breaches of data protection and patient confidentiality are "completely unacceptable." The NHS is sharing patient data with Facebook without explicit consent, which is illegal without a lawful basis.
The data is transferred to Facebook's servers and it is not possible to track how it is used once it reaches there.
Facebook has filters to weed out sensitive health information, but the transfer of data to third parties by the NHS risks damaging the trust of patients.
Some NHS trusts have promised not to share or use patient information for marketing purposes, but most do not have explicit consent from patients.
The use of tracking tools like Meta Pixel on NHS websites is widespread, with 20 trusts sharing data with Facebook.
The Royal Marsden and Alder Hey removed the tracking tool from their websites, but others are investigating the matter internally.
The Information Commissioner's Office is considering the matter and has noted the findings.
In December, the Biden administration warned that tracking pixels, invisible pieces of code used by hospitals to collect patient data without consent, could be a potential federal law violation.
Several leading US hospitals are currently being sued by their patients over their use of these pixels, which have been linked to the transfer of sensitive health information to third parties.
Meta, a company that provides business tools to advertisers, is facing legal action over accusations that it knowingly received sensitive health information from its partner websites and not taking steps to stop it.
The plaintiffs claim that Meta violated their medical privacy by intercepting "individually identifiable health information" from its partner websites and "monetising" it.
The Liberal Democrat health spokesperson has described the findings as a "shocking discovery" that raises serious questions about the protection of patient information.
The NHS has said that individual trusts are responsible for ensuring they follow data protection laws, and that it is looking into the issue to take further action if necessary.
Meta said it had contacted the trusts to remind them of its policies, which prohibited organisations from sending it health data.
The company did not answer questions about the effectiveness of its filters designed to weed out "potentially sensitive data" or why it permitted NHS trusts to send it data at all.
The data includes details of pages viewed, buttons clicked, and keywords searched, and can be used by Facebook for its own business purposes, such as improving its targeted advertising services.
The information collected could reveal personal medical details and millions of patients are potentially affected.
Eighteen of the 20 NHS trusts that were using Meta Pixel have pulled the tracking tool from their websites, and eight have issued apologies to patients.
The Information Commissioner's Office is investigating.
The findings have caused alarm among privacy experts, who say that the potential breaches of data protection and patient confidentiality are "completely unacceptable." The NHS is sharing patient data with Facebook without explicit consent, which is illegal without a lawful basis.
The data is transferred to Facebook's servers and it is not possible to track how it is used once it reaches there.
Facebook has filters to weed out sensitive health information, but the transfer of data to third parties by the NHS risks damaging the trust of patients.
Some NHS trusts have promised not to share or use patient information for marketing purposes, but most do not have explicit consent from patients.
The use of tracking tools like Meta Pixel on NHS websites is widespread, with 20 trusts sharing data with Facebook.
The Royal Marsden and Alder Hey removed the tracking tool from their websites, but others are investigating the matter internally.
The Information Commissioner's Office is considering the matter and has noted the findings.
In December, the Biden administration warned that tracking pixels, invisible pieces of code used by hospitals to collect patient data without consent, could be a potential federal law violation.
Several leading US hospitals are currently being sued by their patients over their use of these pixels, which have been linked to the transfer of sensitive health information to third parties.
Meta, a company that provides business tools to advertisers, is facing legal action over accusations that it knowingly received sensitive health information from its partner websites and not taking steps to stop it.
The plaintiffs claim that Meta violated their medical privacy by intercepting "individually identifiable health information" from its partner websites and "monetising" it.
The Liberal Democrat health spokesperson has described the findings as a "shocking discovery" that raises serious questions about the protection of patient information.
The NHS has said that individual trusts are responsible for ensuring they follow data protection laws, and that it is looking into the issue to take further action if necessary.
Meta said it had contacted the trusts to remind them of its policies, which prohibited organisations from sending it health data.
The company did not answer questions about the effectiveness of its filters designed to weed out "potentially sensitive data" or why it permitted NHS trusts to send it data at all.
