Hospitals that sent patient data to Facebook should be investigated, state reps say

Teddy Rosenbluth
·2 min read

Hospitals that sent patient data to Facebook should be formally investigated, two state representatives argued in a letter to the Attorney General ‘s Office Thursday.

Reps. Brian Farkas and Donny Lambeth asked the attorney general to investigate whether hospitals violated consumer protection or privacy laws, and to recommend legal changes that would protect patients from privacy breaches in the future.

“To be frank, the ability for patients in North Carolina to partake in our health care system, which often obligates the use of modern technology, should not come at the cost of privacy,” the letter read.

An investigation would hold the health systems accountable and signal the importance of patient privacy to other providers, the representatives wrote.

A spokesperson for the attorney general said in a statement, “Our office is extremely concerned about the reports on Facebook’s access to medical information and the disclosure of people’s information. We are actively investigating this matter.”

Cody Hand, an official at the North Carolina Healthcare Association, which represents state hospitals, said his organizations looks forward to working with Attorney General Josh Stein to make sure patient data is secure.

“While we understand that there is a need to ensure that data has been protected, we are sure that the Attorney General will find all protections have been in place,” he said.

Last week, an investigation by the Markup and STAT found that four of North Carolina’s largest health care systems sent sensitive health information to Facebook.

The providers used a digital tracker called Meta Pixel in their patient portals or appointment scheduling websites, which could have sent Facebook information about patients’ health conditions, allergies and, in the case of Novant Health, sexual orientations.

That data was sent along to the advertising giant along with an IP address, which could be used to trace the health data back to a specific individual or household.

The health care providers implicated in the article — Duke University Hospital, Atrium Health Carolinas Medical Center, WakeMed and Novant Health — recorded more than 4 million admissions and outpatient appointments in 2020, according to data from the American Hospital Association.

A spokesperson for Novant Health said Meta Pixel was removed from its patient portal after concerns were brought to their attention.

“We continue to evaluate what information possibly may have been shared and will follow all appropriate steps if we determine there was a possibility that protected health information was shared,” the spokesperson said.

This is a breaking news story and will be updated.