Hospitals should be wary of using Meta Pixel and other third-party analytics tools - MedCity News

ACRESa non-profit organization focused on patient safety, recently issued alarm alerting hospitals to the cybersecurity risks associated with using third-party analytics tools. When providers install this software on their websites and patient portals, they may expose patient data, ECRI warned.

This disclosed patient data may be misused to personalize ads based on users’ medical conditions. These inappropriately targeted ads could push unproven treatments and cause patients not to seek appropriate care, according to the warning.

Exposing sensitive patient information can also lead to fines, legal action and patient mistrust of providers, the warning states.

Hospitals are not very aware of the dangers of using third-party web analytics tools, said Chad Waters, senior cybersecurity engineer with ECRI’s Device Evaluation Group MedCity News. He said most vendor websites have multiple web analytics and tracking tools installed.

“This particular issue shows that healthcare organizations need to realize that privacy is about more than just HIPAA regulations,” Waters said. “Analytics tools can extract sensitive health information from a user’s browsing activities on a provider’s site, whether or not it is protected health information. Providers should consider their role in protecting patient privacy within this broader scope.

Some common examples of third-party analytics software used by vendors include Google Analytics, Adobe Analytics, and Meta Pixel. These tools are usually free and can give providers insight into how users use their websites, but the technology companies that provide this software can also use patient data to profile Internet users as they surf.

This is not the first time concerns have been raised about the use of Meta Pixel by vendors. The ECRI alert cited by a June report from Markingwho said the tool exposed appointment scheduling information to Meta when providers used it in their Epic MyChart patient portals.

Furthermore, Advocate Aurora Healthhealth system based in Wisconsin and Illinois recently disclosed a data breach involving Meta Pixel.

IN statement the health system, in a release last month, said it had disabled the software. But a patient affected by the Advocate Aurora Health breach has filed a lawsuit the health system in a class action. In his complaint, he claims his personal information was shared with Meta in a breach that may have affected three million patients.

ECRI’s warning encouraged hospitals to more closely examine the use of analytics tools, as well as establish policies and best practices for implementing these tools.

“It’s important to understand that many of these tools are free because their revenue model depends on building profiles of Internet users,” Waters said. “There are web analytics tools that don’t use this model. Hospitals should review usage policies and be careful where these tools are used.

Photo: anyaberkut, Getty Images

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *