An investigation by The Observer reveals that 20 NHS trusts in the UK have been sharing private details of patients’ medical conditions, appointments, and treatments with Facebook without consent. A covert tracking tool called Meta Pixel was found on the websites of these NHS trusts, collecting browsing information and sharing it with Facebook, in violation of privacy. The collected data includes granular details of pages viewed, buttons clicked, and keywords searched, linked to users’ IP addresses and sometimes their Facebook accounts. The data can be used by Meta, Facebook’s parent company, for targeted advertising purposes and other business uses. The information extracted by Meta Pixel includes personal medical details, impacting patients who visited NHS webpages related to HIV, self-harm, gender identity services, sexual health, cancer, children’s treatment, and more. Actions such as booking appointments, ordering repeat prescriptions, and requesting referrals were also recorded. Seventeen out of the 20 NHS trusts have removed the tracking tool from their websites, with eight issuing apologies to patients.
Some trusts installed the tracking pixels for recruitment or charity campaigns without realizing they were sending patient data to Facebook.
The Information Commissioner’s Office (ICO) is investigating the matter.
Specific examples include trusts sharing data about HIV medication, sexual development problems, crisis mental health services, gender identity services, disturbing sexual behaviors, and more with Facebook.