The surveillance economy in healthcare has become a commonplace tool to target patient populations with ads on social media. How might sensitive personal health data be shared between health diagnostics and/or services to patients and Facebook? What are the legal implications under existing federal health privacy laws? This study’s methods take an infosec and coordinated disclosure approach to health ad targeting on Facebook.
Summary
In this study, we analyzed health-advertising tactics of digital medicine companies (n = 5) to evaluate varying types of cross-site-tracking middleware (n = 32) used to extract health information from users. More specifically, we examine how browsing data can be exchanged between digital medicine companies and Facebook for advertising and lead generation and advertising purposes. Our analysis focused on companies offering services to patient advocates in the cancer community who frequently engage on social media. We co-produced this study with public cancer advocates leading or participating in breast cancer groups on Facebook.
Following our analysis, we raise policy questions about what constitutes a health privacy breach based on existing federal laws such as the Health Breach Notification Rule and The HIPAA Privacy Rule. We discuss how these common marketing practices enable surveillance and targeting of medical ads to vulnerable patient populations without consent.
- Navigate LeftPrevious article in issue
- Next article in issueNavigate Right
Keywords
dark patterns
digital medicine
privacy
health privacy
Data science maturity
DSML2: Proof-of-concept: Data science output has been formulated, implemented, and tested for one domain/problem
Recommended articles
We co-created this analysis with patient advocates who are listed in our acknowledgement section. Public patient advocates in the hereditary cancer community (n = 20) were invited to participate in co-production of this research at a response rate of 50% (N = 10). These patient advocates include a small sampling of the broader population. Specifically, public metadata for hereditary cancer communities on Facebook consist of about 73 groups ranging in size from 36 to 13,000 people. Out of this population, 3 of the 10 participants were active administrators of at least one Facebook support group for breast cancer. All participants were a member of at least one breast cancer support group over a time period between 2008 and 2021.Data and code availability
Facebook has a tool in user settings that allows users to see companies tracking browsing data in Off-Facebook Activity, which can also be downloaded into an archive of JSON files. The patient advocates who co-produced our data (N = 10) were asked to download their full Facebook archives as JSON files. Participants could also look at the data via Facebook’s user interface using Off-Facebook Activity in their user settings and provide screenshots. Each participant checked if they found digital medicine apps in their Off-Facebook Activity JSON files and then verified whether these users of PHR vendors or HIPAA-covered Entities had authorized access to their data. In order to determine whether an individual authorized access, we first analyzed each digital medicine company’s cross-site-tracking tools. We then compared the tools each company used with their privacy policies and applied the FTC’s September 2021 guidance on the Health Breach Notification Rule. As a final step, we checked Facebook’s Ad Library to identify types of ads being run by each company. We also examined how each ad’s URL passed data from Facebook to third parties. From the 5 companies we identified in JSON files, we identified 27 third-party CDNs.
About half a dozen online gaming firms in Malta, the UK and Gibraltar have been approached by the Indian tax authorities to gather information on the number of users from India and the sums they have spent.
Chanda Kochhar and her husband Deepak Kochhar were arrested by the Central Bureau of Investigation (CBI) last week in connection with alleged cheating and irregularities in loans sanctioned by ICICI Bank to Videocon Group companies.
Investors hurt by the recent battering of the stock market are pinning their hopes on a Santa Claus rally to ease some of the pain.
Read More News on
Meta Privacy Policyprivacy policymetaindiasocial mediadata policyfacebookmessengerinstagram
Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.