October 13, 2022
It’s been all over the news: Meta’s Ad Performance Pixel was found to be transferring sensitive health data, possibly violating HIPAA regulations. And boy has this caused some major concerns across the health care sector — and rightfully so. How many health providers and health care networks inadvertently violated HIPAA laws, opening themselves up to legal battles?
Let’s step back and explain how this all works and what’s happening.
What is a Pixel?
A pixel is a piece of code that is added to your website to track users’ actions across your site. A pixel usually will track webpage views, which pages you visited, and various conversions, like purchases or donations. In the case of health care providers, many organizations were also using the Pixel to track scheduling appointments as a conversion.
What information is tracked by the Pixel?
Usually, there are no privacy-related issues with what the Pixel tracks. It is true that you can add additional parameters to the Pixel to push back into your data, like number of purchases, product IDs, currency, purchase value, webpage name, etc. Nothing is identifiable back to the user; it’s anonymized.
Where did the Meta Pixel go wrong?
This is where things went very wrong for the health care world. Even though these marketers were not collecting any personally identifiable (PII) data through the Meta Pixel, they were using sensitive health data collected through the Pixel to serve customized messaging to their health conditions. The allegation is that the Meta Pixel was collecting details of patients’ doctor appointments when patients booked via the health provider’s website. The Pixel was found within the password-protected patient portals of several hospitals as well, which was able to collect data about patient prescriptions and specific health conditions. This activity is a violation of Meta’s advertising guidelines; however, Meta is accused of not enforcing this policy.
What can you do about it?
First, we’d like to point out that the Pixel used by TrueSense (or your fundraising or marketing team or agency) typically is not placed throughout the health system’s website, but rather only on the donation pages. We also set our parameters to only push “purchase,” currency, and value data through our Pixel. (“Purchase” is in quotes because we are really tracking donations, but the Pixel required a “purchase” setup to track it correctly.)
We also recommend to NOT place the Meta Pixel on any appointment scheduling pages and also remove it from within any password-protected patient portals. There just isn’t a need to have it placed there, and you risk accidentally collecting the sensitive health-related data.
Your audience’s privacy is a majority priority here at TrueSense. We are here to answer any questions you may have about this ongoing controversy and discuss alternative options if you choose to remove Meta Tracking Pixels completely off your page.
This is a major issue that is still getting resolved on Meta’s side. TrueSense Marketing is a Meta Agency Member and can help guide you through this developing controversy and continue to help you navigate all of your Facebook and Instagram fundraising efforts.