A new study has found that digital health companies have been sharing patient information to Facebook to enable targeted advertisements. This information emerged after Light Collective did some research. The research group shared that the move sometimes goes against the companies’ privacy policies. Moreover, there were concerns about HIPAA violations.
The group published the study on Patterns. It examined how private health-related information was tracked on various websites and then used on Facebook for targeted advertising. For their study, researchers followed ten active people in an online cancer community.
How researchers conducted the study
The participants used five digital health companies, including Citizen, Health Union, Invitae, Myriad Genetics, and Color Genomics. Researchers discovered that their party trackers on these websites would follow the participants and then target them with ads based on their activity. Furthermore, three of the companies breached their privacy agreement in the process.
The study authors later disclosed the issue to the companies. However, only Citizen and Invitae responded. The companies stated that they would investigate the problem with the trackers. Health Union, on the other hand, claims that the researchers have not contacted them.
Health Union denies the allegations
According to the President of the Health Union, Lauren Lawhon, the company prioritises the health and safety of its clientele and tries to protect their privacy. She adds that the company tries to ensure its privacy policy is transparent and compliant with regulations.
Lawson states that the website has privacy management software that shows visitors pop-ups and allows them to reject or accept cookies. It also has a link at the bottom of the page with “Do not sell my information.”
She adds that the company collects data on how users engage with its website to know the type of content and advertising its users prefer. This, in turn, helps keep the community engaging and relevant for users. Additionally, Lawhon denies the claims that the company has violated HIPAA as it is not a healthcare provider and thus can’t be held to HIPAA standards.
A spokesperson for Meta states that the companies should share patient information on Facebook as it is against the company’s policies.
