Lawmakers are pressing Meta, the parent company of Facebook and Instagram, to hand over a "comprehensive and precise" description of the sensitive medical data it gathers.
During a Senate Homeland Security and Governmental Affairs Committee hearing on Sept. 14, Sen. Jon Ossoff said "there's been substantial public reporting, controversy and concern about the Meta Pixel product and the possibility that its deployment on various hospital systems' websites, for example, has enabled Meta to collect private health care data."
Mr. Ossoff demanded that Meta tell the U.S. Congress, whether it is collecting, has collected, has access to, or is storing, medical or health data for U.S. patients.
In response to Mr. Ossoff's probe as to whether the company has collected medical or healthcare data about its users, Chris Cox, Meta chief product officer, said, "not to my knowledge."
This comes after the nonprofit reporting organization The Markup released a report analyzing 100 of the top hospital sites and found that 33 had installed Meta Pixel.
The Meta Pixel tool, used to transmit the details of patients' appointments to Meta when patients book them on a health system's website, was installed on some of the largest health system websites.
The report also found that the Meta Pixel tracker was installed inside password-protected patient portals at seven hospitals.
According to experts, the health systems who have installed this tracker could be violating HIPAA, which prohibits covered entities from sharing patient identifiable health information with third parties like Facebook, unless consent is given.
The report did not find evidence that the health systems nor Facebook were obtaining patients' consent.
So far, University of California San Francisco Medical Center, San Francisco-based Dignity Health and Chicago-based Northwestern Memorial Hospital have been named in lawsuits for allegedly installing Meta Pixel into their websites and patient portals.