Pixelated: The (Continuous) Great Harvest Of Your Medical Records (2023)

Please Share This Story!

PDF 📄

The CDC states, “The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.” That’s over. Your data is NOT protected nor is it private. Don’t sign another HIPAA agreement by any healthcare provider. ⁃ TN Editor

STORY AT-A-GLANCE

> Facebook’s Meta Pixel was found on 33 hospital websites, sending Facebook information linked to an IP address, which identifies individual computers and may be traceable back to an individual or household

> The pixel tracks what doctors are searched for and health-related search terms added to search boxes or selected from dropdown menus

> The Meta Pixel was found in patient portals from seven health systems; data being collected included names of medications being taken, descriptions of allergic reactions and upcoming doctors’ appointments

> More than 26 million patient admissions and outpatient visits have been shared by the 33 hospitals using Meta Pixels, and that’s likely conservative

By now, most people are aware that if they “like” a certain page on Facebook, it gives the social media giant information about them. “Like” a page about a particular disease, for instance, and marketers may begin to target you with related products and services.

Facebook may be collecting sensitive health data in far more insidious ways as well, however, including tracking you when you’re on hospital websites and even when you’re in a personal, password-protected health information portal like MyChart.1

It does this via pixels, which may be installed without your knowledge on websites you visit. They can collect information about you as you browse the web, even if you don’t have a Facebook account.

Meta Pixel Found on Hospital Websites

In particular, the Meta Pixel is a piece of JavaScript code that developers can add to their website to track visitor activity.2According to Meta:3

“It works by loading a small library of functions which you can use whenever a site visitor takes an action (called an event) that you want to track (called a conversion). Tracked conversions appear in the Ads Manager where they can be used to measure the effectiveness of your ads, to define custom audiences for ad targeting, for dynamic ads campaigns, and to analyze that effectiveness of your website’s conversion funnels.”

Even hospitals are opting into the data trackers, as evidenced by an investigation by The Markup, which tested websites from Newsweek’s top 100 U.S. hospitals. Facebook’s Meta Pixel was found on 33 of the websites, sending Facebook information linked to an IP address, which identifies individual computers and may be traceable back to an individual or household.

The pixel tracks not only the IP address of the computer being used but also what doctors are searched for and search terms added to search boxes or selected from dropdown menus. The Markup reported:4

“On the website of University Hospitals Cleveland Medical Center, for example, clicking the “Schedule Online” button on a doctor’s page prompted the Meta Pixel to send Facebook the text of the button, the doctor’s name, and the search term we used to find her: “pregnancy termination.”

Clicking the “Schedule Online Now” button for a doctor on the website of Froedtert Hospital, in Wisconsin, prompted the Meta Pixel to send Facebook the text of the button, the doctor’s name, and the condition we selected from a dropdown menu: “Alzheimer’s.””

Meta Pixel Installed on Patient Portals

Health care is increasingly going digital, making the privacy of patient portals like MyChart increasingly important. In 2020, about 6 in 10 Americans were offered access to an online patient portal — a 17% increase since 2014 — and close to 40% accessed their records online at least once.5

Overall, about one-third of those who used patient portals downloaded their online medical records in 2020, which is nearly double the amount that did so in 2017.

However, the data you’re accessing when using password-protected patient portals may also be sent to Facebook via pixels. The Markup found the Meta Pixel in patient portals from seven health systems, including Edward-Elmhurst Health, FastMed, Novant Health and Community Health Network.

Data being collected included names of medications being taken, descriptions of allergic reactions and upcoming doctor’s appointments.6Novant Health, which removed the pixel after being contacted by The Markup, stated, “We appreciate you reaching out to us and sharing this information. Our Meta pixel placement is guided by a third party vendor and it has been removed while we continue to look into this matter.”7

The Markup is now collaborating with Mozilla Rally, using a browser add-on and crowd-sourcing to send data about the Meta Pixel on websites visited by study participants. The aim of the study, which runs through July 13, 2022, and has been dubbed the Facebook Pixel Hunt, is to map Facebook’s pixel tracking network to better understand the types of information being collected across the web.8

‘Quite Likely a HIPPA Violation’

The federal Health Insurance Portability and Accountability Act (HIPAA) makes it illegal for hospitals to share personally identifiable health data with Facebook and others, unless an individual has consented to it. As a result, it’s possible that Facebook’s Meta Pixel on hospital sites is illegal.

David Holtzman, a former senior privacy adviser in the U.S. Department of Health and Human Services’ Office for Civil Rights, told The Markup, “I am deeply troubled by what [the hospitals] are doing with the capture of their data and the sharing of it. I cannot say [sharing this data] is for certain a HIPAA violation. It is quite likely a HIPAA violation.”9

By June 15, 2022, at least seven of the hospitals that The Markup contacted had removed pixels from their appointment booking pages, while at least five of the health systems with Meta Pixels on their patient portals had removed the pixels.

However, to get an idea of the scope of the data being released, The Markup found that more than 26 million patient admissions and outpatient visits had been shared by the 33 hospitals using Meta Pixels, and that’s likely conservative.

“Our investigation was limited to just over 100 hospitals; the data sharing likely affects many more patients and institutions than we identified,” The Markup reported.10In fact, anytime you browse the web you’re likely to come across a Meta Pixel, as they’re found on more than 30% of the most popular websites online.11

IP addresses are listed as one of the identifiers that can make data count as protected health information under HIPPA. Further, being logged into Facebook when visiting a hospital website with a Meta Pixel may allow even more tracking mechanisms, such as third-party cookies, to be attached, so pixel data can be linked to Facebook accounts. According to The Markup:12

“[I]n several cases we found — using both dummy accounts created by our reporters and data from Mozilla Rally volunteers — that the Meta Pixel made it even easier to identify patients.

When The Markup clicked the “Finish Booking” button on a Scripps Memorial Hospital doctor’s page, the pixel sent Facebook not just the name of the doctor and her field of medicine but also the first name, last name, email address, phone number, zip code, and city of residence we entered into the booking form.”

Patients Would Be ‘Shocked’

It’s quite possible that what Facebook is doing with sensitive patient health data is illegal, but even if it’s not, most people would be shocked to find out the types of data that Facebook is collecting about them online, when they’re using what are assumed to be private, protected health websites and patient portals.

Speaking with The Markup, Glenn Cohen, faculty director of Harvard Law School’s Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics, explained:13

“Almost any patient would be shocked to find out that Facebook is being provided an easy way to associate their prescriptions with their name. Even if perhaps there’s something in the legal architecture that permits this to be lawful, it’s totally outside the expectations of what patients think the health privacy laws are doing for them.”

While Facebook claims that it uses machine-learning systems to detect sensitive health data and block it from being collected, hundreds of websites from crisis pregnancy centers were found to be sharing visitor information with the social media giant, include information such as whether the visitor was seeking pregnancy tests, emergency contraceptives or abortion.

The data could be used to direct targeted advertisements or even, in a worst-case scenario, potentially in legal proceedings.

Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project, told The Markup, “I think this is going to be a wake-up call for millions of Americans about how much danger this tracking puts them in when laws change and people can weaponize these systems in ways that once seemed impossible.”14

Google Is Also Tracking Health Data

In 2019, Google partnered with the University of Chicago Medial Center to collect medical records and use artificial intelligence to predict medial events. The records were supposed to be anonymous, but they included date stamps and doctors’ notes, which the lawsuit alleged Google could combine with geolocation data to identify patients.15

The lawsuit alleged, “The personal medical information obtained by Google is the most sensitive and intimate information in an individual’s life, and its unauthorized disclosure is far more damaging to an individual’s privacy” than data typically exposed in hacks, such as credit card numbers.16

Four attorneys general have also sued Google for its deceptive practices in collecting location data from the public. The separate lawsuits allege that Google continued to track location data of its users even after they had disabled location tracking.

Karl A. Racine, attorney general for the District of Columbia, initiated an investigation into Google after a 2018 AP News report revealed Google was tracking people’s movements even when they’d opted out of such tracking.17Google’s misleading claims to users regarding privacy protections available in their account settings have been ongoing since at least 2014, Racine’s investigation found.18

Aside from hiding location tracking under settings users wouldn’t expect, like Web & App Activity — which is turned on by default — Google is accused of collecting and storing location information via Google services, Wi-Fi data and marketing partners, again after device or account settings had been changed to stop location tracking.19

In addition to the District of Columbia, the attorneys general of Texas, Washington and Indiana have also filed lawsuits against Google for their deceptive data collection practices. The suits allege that Google also pressured users to use location tracking more often because it claimed — falsely — that its products wouldn’t function properly without it.20

Location data, meanwhile, can be used to reveal intimate details about your life, from your gym memberships, health care visits, stores and restaurants you frequent to where you go to church. It may also be used to provide personalized ads on digital billboards as you pass by, and Google tracks, and provides to its customers, information about how well online ads work to drive people into brick-and-mortar stores.21

Protect Your Privacy Online

Once you recognize that you’re being tracked online, consciously opting out of it as much as possible is wise. Robert Epstein, Ph.D., a senior research psychologist at the American Institute for Behavioral Research and Technology (AIBRT), reminds people that free services online, such as Facebook and Google, aren’t really free, as you pay for them with your freedom.22To take back some of your online privacy, for yourself as well as your children, he recommends:23

  1. Get rid of Gmail. If you have a Gmail account, try a non-Google email service instead such asProtonMail, an encrypted email service based in Switzerland.
  2. Uninstall Google Chrome and useBravebrowser instead, available for all computers and mobile devices. It blocks ads and protects your privacy.
  3. Switch search engines. Try Brave search engine instead.
  4. Avoid Android. Google phones and phones that use Android track virtually everything you do and do not protect your privacy. It’s possible to de-Google your cellphone by getting an Android phone that doesn’t have a Google operating system, but you’ll need to find a skilled IT person who can reformat your cellphone’s hard drive.
  5. Avoid Google Home devices. If you have Google Home smart speakers or the Google Assistant smartphone app, there’s a chance people are listening to your requests, and even may be listening when you wouldn’t expect.
  6. Clear cache and cookies. This will help get rid of invasive computer codes that track what you do online.
  7. Use a proxy or VPN (Virtual Private Network). This service creates a buffer between you and the internet, “fooling many of the surveillance companies into thinking you’re not really you.”

FAQs

What are the five purposes of the medical record? ›

Healthcare organizations maintain medical records for several key purposes:
  • Patient Care. Patient records provide the documented basis for planning patient care and treatment.
  • Communication. ...
  • Legal documentation. ...
  • Billing and reimbursement. ...
  • Research and quality management.

What are five characteristics of good medical documentation? ›

6 Key Attributes of a Medical Record
  • Accuracy of the medical record. The accuracy of the data refers to the correctness of the data collected. ...
  • Accessibility of the medical record. ...
  • Comprehensiveness of data. ...
  • Consistency of information in the medical record. ...
  • Timeliness of information. ...
  • Relevancy of the medical records.
8 Apr 2013

Why are patient records so important? ›

The records form a permanent account of a patient's illness. Their clarity and accuracy is paramount for effective communication between healthcare professionals and patients. The maintenance of good medical records ensures that a patient's assessed needs are met comprehensively.

What are 3 common medical reports found in a medical record? ›

A patient's medical chart may contain different note types, documenting office or telemedicine visits (encounters) and patient calls, such as: Consultation notes. Second-opinion notes. Progress notes.

What are the two most common types of medical records? ›

There are three types of medical records commonly used by patients and doctors: Personal health record (PHR) Electronic medical record (EMR) Electronic health record (EHR)

What shows up on medical records? ›

A health record (also known as a medical record) is a written account of a person's health history. It includes medications, treatments, tests, immunizations, and notes from visits to a health care provider.

What type of information does a medical record contain? ›

It includes informationally typically found in paper charts as well as vital signs, diagnoses, medical history, immunization dates, progress notes, lab data, imaging reports, and allergies. Other information such as demographics and insurance information may also be contained within these records.

What are 10 components of a medical record? ›

  • Introduction. Components of a Complete Medical Record. ...
  • Identification. Identification. ...
  • Date, History. Date, History. ...
  • Physical Exam. Physical Exam. ...
  • Assessment. Assessment. ...
  • Informed Client Consent. Informed Client Consent. ...
  • Medical Treatments. Medical Treatments. ...
  • Surgical Treatments, Anesthesia. Surgical Treatments, Anesthesia.

What is the main purpose of documentation? ›

Documentation refers to a set of records that professionals or companies keep to provide evidence or information that can be used to inform decisions. In the workplace, documentation is retained records of employment and company actions and events as required by legal mandates and company policy.

What are the criteria of good medical record document? ›

All documentation in the medical record should be accurate and adequate pertinent to the health care experiences of the patient including telephone conversation or verbal orders. All entries made must be related to health problems and treatment of the patient only.

What makes a good document? ›

Accurate and Comprehensive- The information in the document is correct and detailed, making the documentation reliable and trustworthy. Consistent - The terminologies and format used throughout the document are uniform. Complete - All information must be in the document regardless of its size.

Why is it important to keep clear and accurate client records? ›

Good record management is the legal record of the interaction with, and assessment and treatment of, the client. Essentially, if it's not written down it didn't happen. It is important for effective communication with other health professionals and therefore optimal patient care.

What is the ultimate purpose of record-keeping? ›

Their purpose is to provide reliable evidence of, and information about, 'who, what, when, and why' something happened. In some cases, the requirement to keep certain records is clearly defined by law, regulation, or professional practice.

How do you maintain record-keeping? ›

These five easy steps will help you create a simple financial record-keeping system: capture, check, record, review, and act.
  1. Capture the Information.
  2. Check to Make Sure the Information Is Complete and Correct.
  3. Record the Information to Save It.
  4. Consolidate and Review the Information.
  5. Act Based on What You Know.
4 Feb 2021

Can someone access my medical records without my permission? ›

Health and care records are confidential so you can only access someone else's records if you're authorised to do so. To access someone else's health records, you must: be acting on their behalf with their consent, or. have legal authority to make decisions on their behalf (power of attorney), or.

Is it possible to have medical records deleted? ›

You can't "erase" medical records. They can be destroyed per federal and state law typically after a certain period of time. If you think the information in your medical or billing record is incorrect, you can request a change, or amendment, to your record.

Who generally owns the medical record? ›

Over time, the practical view has been that the patient owns the information, but the medical professionals—the doctors, in particular—own the records.

What should not be included in a medical record? ›

The following is a list of items you should not include in the medical entry:
  • Financial or health insurance information,
  • Subjective opinions,
  • Speculations,
  • Blame of others or self-doubt,
  • Legal information such as narratives provided to your professional liability carrier or correspondence with your defense attorney,
23 Mar 2010

Which is the most efficient type of medical record? ›

The two major types of patient records are the paper health record and the electronic health record (EHR). The EHR is much more efficient than the paper record, and most healthcare facilities have switched to EHRs for a number of reasons. State several reasons that accurate health records are important.

Who has access to my medical records? ›

Your medical records are confidential. Nobody else is allowed to see them unless they: Are a relevant healthcare professional. Have your written permission.

What does it mean when a doctor says you are well developed? ›

Definition of well-developed. : large, advanced, or complete : fully developed well-developed muscles She has a well-developed sense of humor.

How long are medical records kept? ›

To access their GP records, you need to complete an 'Access to Health Records' request. You can find out more and submit a request form on the PCSE website. GP records are generally retained for 10 years after the patient's death before they're destroyed.

What are the three key elements of record keeping? ›

The three major components of the record-keeping responsibilities of the waiver providers are: Detailed Plans. Documentation of Encounters/Case Notes. Individual Service Reports (ISR)

How long do you have to chart on a patient? ›

RULE #1: Get it done on time

Physicians should aim to complete charts immediately after treatment when details are still fresh. Most hospitals set time limits for when documentation is due: within 24 hours for admitting notes, 48 hours for surgical procedures and 15 days after discharge for completing the record.

What does SOAP stand for? ›

However, all SOAP notes should include Subjective, Objective, Assessment, and Plan sections, hence the acronym SOAP.

What is medical REcoRD policy? ›

MEDICAL REcoRD PoLICIEs. Patient access to their medical records. Privacy; confidentiality and the release of patient information. Policy on retention of medical records. Destruction of medical records.

What are the contents of a medical record? ›

Medical records are the document that explains all detail about the patient's history, clinical findings, diagnostic test results, pre and postoperative care, patient's progress and medication. If written correctly, notes will support the doctor about the correctness of treatment.

What are the 6 components of the medical history? ›

In general, a medical history includes an inquiry into the patient's medical history, past surgical history, family medical history, social history, allergies, and medications the patient is taking or may have recently stopped taking.

What are the 5 components of the electronic medical record? ›

Electronic Health Records: The Basics

Administrative and billing data. Patient demographics. Progress notes. Vital signs.

What are the three key elements of record keeping? ›

The three major components of the record-keeping responsibilities of the waiver providers are: Detailed Plans. Documentation of Encounters/Case Notes. Individual Service Reports (ISR)

What is a complete medical record? ›

A medical record is considered complete if it contains sufficient information to identify the patient; support the diagnosis/condition; justify the care, treatment, and services; document the course and results of care, treatment, and services; and promote continuity of care among providers.

Who generally owns the medical record? ›

Over time, the practical view has been that the patient owns the information, but the medical professionals—the doctors, in particular—own the records.

What are the three main types of records? ›

The following sections will provide general guidance on the disposition of 4 types of records:
  • Temporary records.
  • Permanent records.
  • Unscheduled records.
  • Records on legal hold.
15 Dec 2021

Is it possible to have medical records deleted? ›

You can't "erase" medical records. They can be destroyed per federal and state law typically after a certain period of time. If you think the information in your medical or billing record is incorrect, you can request a change, or amendment, to your record.

How long are medical records kept? ›

To access their GP records, you need to complete an 'Access to Health Records' request. You can find out more and submit a request form on the PCSE website. GP records are generally retained for 10 years after the patient's death before they're destroyed.

What does SOAP stand for? ›

However, all SOAP notes should include Subjective, Objective, Assessment, and Plan sections, hence the acronym SOAP.

How do I take good medical history? ›

Generally speaking, most patient history conversations are as follows: Greet the patient by name and introduce yourself. Ask, “What brings you in today?” and get information about the presenting complaint. Collect past medical and surgical history, including any allergies and any medications they're currently taking.

What are the four purposes of medical records? ›

Each Medical Record shall contain sufficient, accurate information to identify the patient, support the diagnosis, justify the treatment, document the course and results, and promote continuity of care among health care providers.

What type of information should be documented in medical health records? ›

Medical records should include the following information:
  • Patient identification.
  • Information relevant to diagnosis or treatment.
  • Treatment plan.
  • Medication and dosage levels.
  • Information and advice given, consent discussions.

What are four examples of clinical records found in the patient chart? ›

List four examples of clinical records found in the patient chart.
  • Medication list.
  • allergies list.
  • immunization records.
  • laboratory results.

Top Articles
Latest Posts
Article information

Author: Rob Wisoky

Last Updated: 21/11/2023

Views: 5921

Rating: 4.8 / 5 (48 voted)

Reviews: 87% of readers found this page helpful

Author information

Name: Rob Wisoky

Birthday: 1994-09-30

Address: 5789 Michel Vista, West Domenic, OR 80464-9452

Phone: +97313824072371

Job: Education Orchestrator

Hobby: Lockpicking, Crocheting, Baton twirling, Video gaming, Jogging, Whittling, Model building

Introduction: My name is Rob Wisoky, I am a smiling, helpful, encouraging, zealous, energetic, faithful, fantastic person who loves writing and wants to share my knowledge and understanding with you.