A new study shows how websites and apps gather people’s sensitive health-related information, sometimes without consent, and channel it to the social media giant to generate business.
Digital health companies are funneling sensitive data that patients have shared with them to Facebook to help target advertisements, according to a new study from research group the Light Collective. In some cases this sharing is running afoul of the companies’ own privacy policies and raising concerns about HIPAA violations.
The peer-reviewed study, published Monday in Patterns, a data science journal, examines the way data from individuals’ health-related activity online is tracked across websites or platforms and then used for advertising purposes on Facebook. The researchers studied the online activities of 10 participants active in the online cancer community who had used digital health tools from five different companies: Color Genomics, Myriad Genetics, Invitae, Health Union and Ciitizen. They found that third-party ad trackers used by those companies followed the patients online and marketed to them based on those activities. Three of the companies went against their own privacy policies in the process.
The authors said that after disclosing their findings to the five companies, only Ciitizen and Invitae responded, saying they were investigating the privacy issues with the tracking tools. None of the five companies had responded to requests for comment from Forbes at the time of publication. Facebook’s parent company, Meta, did not immediately respond to a request for comment.
“Health privacy is a basic requirement in digital medicine for reducing the abuse of power and supporting patient autonomy.”
Andrea Downing, cofounder of the Light Collective, which is focused on privacy issues in the online world, said “data gathering and predictive algorithms that are used for advertising and other purposes are one of the biggest threats to online patient communities.” It puts them at greater risk of discrimination and online scams, the authors wrote, adding that tracking software can make cancer-patient populations in particular more vulnerable to medical misinformation and privacy breaches.
Despite the small scale of the study, it is indicative of larger data-sharing trends across digital health and social media. An investigation published earlier this summer by The Markup, for example, revealed how hospital websites use trackers to gather and share sensitive patient information with Facebook for marketing, in possible violation of the Health Insurance Portability and Accountability Act, or HIPAA.
Lengthy, ambiguous privacy policies for these apps often leave users unclear on how their data will be collected, shared and used. Some platforms also engage in risky data practices without individuals’ consent. The new research, co-authored by Eric Perakslis, executive director at Duke’s Center for Biomedical Informatics, is intended to raise awareness around both.
“Health privacy is a basic requirement in digital medicine for reducing the abuse of power and supporting patient autonomy,” the authors write.
“While the digital medicine ecosystem relies on social media to recruit and build their businesses” through ads and marketing, they add, “these practices sometimes contradict their own stated privacy policies and promises to users.”
How To Watch Livestreams Of Donald Trump’s Properties As The World Waits For His Arrest
These Viral Mugshots Of President Trump Are Fake (For Now)
Woman Faces $13,000 Fine For Calling French President ‘Filth’ On Facebook