According to a new study by Light Collective, digital health companies are using patient data to target advertisements on Facebook. Companies’ privacy policies and HIPAA regulations may be violated in situations where such sharing occurs.
Using data from individuals’ health-related activity online across websites or platforms, Patterns, a data science journal, published Monday’s study examining how that data is used for Facebook advertising purposes. Health Union, Color Genomics, Myriad Genetics, and Citizen are five companies the researchers studied whose digital health tools were used by 10 cancer patients online. Their research found that these companies used third-party ad trackers to track patients’ online activities and advertise to them accordingly. The companies in question violated their own policies regarding privacy.
Citizen and Invitae responded to the authors’ findings, saying they were investigating privacy issues related to their tracking tools after disclosing their findings. Despite Enjoyapks reporting no contact with researchers, Health Union said it had no record of being contacted.
As part of its commitment to ensuring customers’ safety and security, and as part of the evolving regulatory environment, Health Union’s president Lauren Lawhon said that the company is committed to being transparent and transparent about its data privacy practices.
As part of a privacy management program, Health Union is showing website visitors pop-ups offering them the choice to accept or reject cookie-based data collection and tracking. (Both their pages have a “Do Not Sell My Information” link, she said.)
Publisher’s track traffic and content consumption on health union’s websites, Lawhon wrote in an email. “For our future users, we need to figure out what type of content, topics, and advertising are most engaging, so we can create websites that are relevant and engaging to them.” Because Health Union is a publisher, not a healthcare provider, it is not covered by HIPAA.
Did not receive any responses from the other four digital health companies
The parent company of Facebook, Meta, said these companies shouldn’t share health information with Facebook in the first place as that violates the terms of service. Advertising through our Business Tools is prohibited as it is against our policies,” he wrote in an email. The system is designed to filter out potentially sensitive information it can detect. We educate advertisers on properly setting up business tools in order to prevent this from happening.
“In digital medicine, patient privacy is essential to preventing abuse of power and empowering patients.”
In an article by Andrea Downing, a privacy advocate says that advertising and predictive algorithms used for data gathering threaten online patient communities. The authors warn that cancer patients are particularly vulnerable to medical misinformation and privacy breaches because of tracking software, which puts them at greater risk of discrimination and online scams.
In order to reduce the abuse of power in digital medicine and to support patient autonomy, health privacy is a basic requirement, write the authors.
In addition to the use of social media to recruit and build their businesses, the digital medicine ecosystem sometimes contradicts its own privacy policies and promises to their users with their usage of social media.