Healthcare Marketing

Are Meta pixels leading medical practices into HIPAA violations?

Hospitals and medical practices using the Facebook Meta pixel on their websites need to take a second look. While healthcare marketers want to be able to track marketing efforts and determine when patients make an appointment online from a Facebook ad, this could be a HIPAA violation. 

A recent investigation by The Markup tested the websites of Newsweek’s top 100 hospitals in America. On 33 of them they discovered the Meta pixel, which sends data back to Facebook when a person clicks to schedule an appointment online or accesses a patient portal. The data is connected to an IP address and can generally be linked to a specific individual or household, sharing very personal information with Facebook and creating a HIPAA violation.  

According to HIPAA laws, healthcare practices need patient consent to share personally identifiable health information with outside organizations. In fact, there are now two proposed class-action lawsuits on this matter. Within one of these suits, there have been at least 664 hospital systems or medical provider web properties identified where Facebook has received patient data via the Facebook pixel.

Cause for Concern

While privacy has been a concern for a while with Facebook, the concerns rise to another level when patients are worried about their personal health data being shared and exposed. The last thing patients want to see is that the platform knows they have a specific diagnosis or are struggling with certain issues. In one of the cases, a patient reported seeing targeted advertising about her medical condition.

Beyond the pixel issue, it’s imperative that healthcare organizations also keep reminding employees to not share PHI in any way on their posts or that social media posts for the organization don’t have anything in the background that could have sensitive information.

What Should Medical Practices Do About the Pixel?

Is the solution to completely remove the Facebook Meta pixel from your hospital or practice’s website? Not necessarily. Health privacy consultants and advocates quoted in The Markup report said they were troubled by the data collection practices but did not definitively state the tracker to be a HIPAA violation.

If you are currently using the Facebook Meta pixel on your site, you need to carefully examine how this is being used. Are you using it on landing pages where patients fill out a form with personal information? Is the pixel with patient portal pages?

At MHP/ Team SI, we can help you evaluate how you are using the tool and if there is the potential for a HIPAA violation. We can walk you through the best steps to take for your practice. 

As this is making its rounds through the news, you may have patients ask about this issue. Make sure you have a response ready whether you know there has been a violation or not.

Our PR team can help you craft the right message – whether you are in the investigative phase or you see that the pixel has been used on pages it should not have.If you have any questions about recent reports or how your organization is using the Facebook Meta Pixel, contact us and we’d be happy to help you and counsel you on this.


Caleb Byrd