A recent data breach from Advocate Aurora Health, a healthcare company that operates in Wisconsin, revealed private information of up to 3 million patients, according to the U.S. Department of Health and Human Services.
While no social security numbers or financial information like credit card numbers were reported to have been compromised, other potentially sensitive information could have been exposed. According to a statement from Advocate Aurora Health, appointment scheduling information, provider information and types of services received may have been exposed.
Other information compromised includes messages exchanged through MyChart — which could include patient names and insurance information — and notably, IP addresses of patients. This poses particular concerns under HIPAA, since IP addresses are one of the 18 identifiers that can connect healthcare data to certain individuals or households.
Political influence in wording of ballot referenda unfairly skews voters’ choices
Advocate Aurora Health said the breach was a result of using pixels, a type of computer code that can track people’s actions on websites. Many of these coding systems are developed by Meta, which means tracking information collected from healthcare websites may be sent to Google and Facebook.
Controversially, many hospitals in the United States utilize the Meta Pixel to collect patient data on their websites. Some worry the use of the code may threaten patient privacy. The Markup conducted an investigation of the Meta Pixel in June 2022.
Of particular concern for healthcare patients, the investigation could not ascertain whether patients’ data was used for marketing purposes. According to their sensitive health information policy, Meta uses a filtering system to prevent healthcare data from being used for advertising.
A 2021 report from a New York Department of Financial Services investigation, however, revealed that this filtering system might not be entirely reliable.
“As the conclusion of the Department’s investigation, Facebook indicated that the Integrity System is not yet operating with complete accuracy and explained that filtering sensitive terms requires additional testing due to the volume and complexity of information being processed,” the report said.
The American Medical Association conducted a survey to understand how patients feel about data privacy. Results show that people are most comfortable with their doctor’s office having access to their data and least comfortable with social media sites and big tech having access to their data.
The harm in splitting Wisconsin’s Department of Natural Resources
This directly conflicts with the use of Meta Pixel on healthcare websites, which potentially exposes their information to both social media sites and big tech companies, for uses which are not entirely clear.
The problem with big tech companies infiltrating the healthcare industry is they simply do not have the expertise to manage this kind of sensitive information. The University of Oxford’s Saïd Business School refers to the pursuit of healthcare as a business venture as “digital colonization”, and this poses challenges for protecting patient privacy.
Big tech companies are also unprepared to handle the lack of structure present in healthcare data, according to the National Library of Medicine. Again, this could lead to poor filtering of sensitive information.
According to the University of Oxford, the COVID-19 pandemic has increased the broad influence of technology in various sectors, such as healthcare. As our world becomes more digitally integrated, however, we may have to sacrifice a level of privacy.
Dane County ballot questions chart course toward statewide referendum
Technology is developing at a faster rate than our ability to legislate on it. With healthcare companies seeking to streamline the processing of information with emerging technology, they may put patient security at risk if these systems have not yet been regulated.
Since the breach, Advocate Aurora Health has disabled the use of pixels on their website. Other healthcare companies should follow suit and prevent the use of pixels for the purpose of collecting patient information — at least until regulations have established how this data can be used by third-party actors.
Big tech may present opportunities to innovate digital systems for use in the healthcare industry. But, successful implementation of these technologies requires deliberate regulation and expert knowledge. Until then, sensitive patient information will continue to face the risk of exposure.
Celia Hiorns ([email protected]) is a sophomore studying journalism and political science.