A number of NHS trusts have removed a tracking tool from their websites following revelations that it could possibly have been used to collect data that could be linked to individual patients.
According to a report in The Observer, 17 of at least 20 trusts had removed the Meta Pixel – provided by Facebook’s parent company Meta – in response to alerts that it could violate patient privacy.
The tool collects browsing information that could be used by the trusts to monitor recruitment or charity campaigns but which was also passed to Meta for possible use in targeted advertising.
It also raises the question of whether potentially sensitive details have been stored in data centres outside the UK.
The data includes granular details of pages viewed, buttons clicked and keywords searched and can be matched to the user’s IP address, which can make it linkable to a household or individual. According to the Observer report the data covered visits to pages on sensitive healthcare issues – including cancer treatment and gender identity services – and with details of when users clicked buttons to book appointments, request referrals and order repeat prescriptions.
Prohibition and filters
It says that Meta said it prohibits organisations from sending it sensitive health information and has filters to weed it out, but most of the trusts have taken Meta Pixel off their websites after becoming aware of the issue, with some putting out public statements.
Buckinghamshire Healthcare NHS Trust said: “It has been brought to our attention that the trust, along with a number of other NHS organisations, has inadvertently been using a tracking tool on its website which can be used by Facebook’s parent company, Meta, for its own business purposes.
“The trust can only apologise that Meta Pixel has been active on our website without the privacy notice being updated to reflect this. It was installed in relation to a recruitment campaign, and we were not aware that Meta was using this information for marketing purposes. Immediate action has been taken to remove the Meta Pixel from our website.”
Alder Hey assurance
Alder Hey Children’s NHS Foundation Trust said: “A Meta Pixel was used as a performance metric for Alder Hey Facebook adverts and has been active since December. It measured the number of people who have landed on our website from our Facebook adverts. At no time did the trust see or keep any personal information from that Facebook user who landed on our advert from those Facebook adverts.
“Although our cookies page reflected the Meta Pixel, the trust apologises that it has been active on our website without our privacy notice being updated to reflect it. We have now removed the Meta Pixel from our website.
“We would like to offer assurance that at no point has any personal information been shared.”
Other trusts reported to be affected include The Tavistock and Portman, Surrey and Borders Partnership and The Royal Marsden.
