Data tracking software loaded into patient portals may be benignly intended to improve healthcare entities’ online marketing campaigns – but it also poses potential privacy concerns to patients. And it’s more common than many organizations and consumers realize, says Ian Cohen, CEO of data privacy firm Lokker.
A recent federal putative class action lawsuit filed against social media giant Meta alleges that at least 664 hospitals or medical providers have deployed the company’s Facebook Pixel tracking technology on their websites and patient portals.
The lawsuit alleges the data collection – which can include details about patients’ medical appointments – is done without first obtaining patient authorization, as required by federal health privacy law.
A recent study by Lokker found that the array of hospitals and healthcare provider websites using Facebook Pixel and similar tracking tools is actually closer to 2,500, Cohen says in an interview with Information Security Media Group.
Lokker over the last several months scanned nearly 250,000 websites, including 5,400 websites of hospitals and other medical entities. The study found trackers and similar embedded features on nearly half of those websites, Cohen says.
“These pixels are tracking medical and other data that consumers don’t know is being tracked and haven’t authorized,” he says. “The problem is super widespread, and it’s very difficult for the hospitals to know what’s going on, let alone control it.”
In the interview (see audio link below photo), Cohen also discusses:
- How tracking tools can collect private data of patients and other consumers;
- Potential privacy implications involving the use of tracking tools in other sectors, including financial services;
- Other top emerging data privacy concerns in the healthcare sector.
Prior to founding Lokker in 2021, Cohen served as CEO for Credit.com and chief product officer for Experian, where he focused on consumer-permissioned data.