are funneling sensitive data that patients have shared with them to Facebook to help target advertisements, according to a new study from research group the Light Collective. In some cases this sharing is running afoul of the companies’ own privacy policies and raising concerns about HIPAA violations., a data science journal, examines the way data from individuals’ health-related activity online is tracked across websites or platforms and then used for advertising purposes on Facebook.
The authors said that after disclosing their findings to the five companies, only Ciitizen and Invitae responded, saying they were investigating the privacy issues with the tracking tools. Health Union president Lauren Lawhon said the safety and security of people in its online health community are a priority and that it continually takes steps to ensure its data privacy practices are “transparent and compliant with the evolving regulatory environment.” She noted, in an emailed statement, that Health Union recently began using privacy management software that shows website visitors pop-ups giving them the choice to accept or reject cookie-based data collection and tracking.
“As a publisher, Health Union collects and tracks data pertaining to content consumption, traffic sources and other information about how users engage with our websites,” Lawhon wrote in the email. “This is done to better understand the types of content, content topics and advertising that are of the most interest to people who participate in our communities, so we can continue to provide engaging, relevant websites in the future.