Up to 20 NHS trusts have shared patients’ private medical information with Facebook through a hidden tracking tool on their websites.
The Observer found that data was collected from individuals who accessed NHS webpages related to HIV, gender identity services, self-harm, sexual health, children’s treatment, cancer and more.
The websites of 20 NHS trusts were found to be using the Meta Pixel tracking tool, which gathered browsing information and shared it with the social networking site.
That is despite the trusts promising not to collect that information without obtaining proper consent from the individuals involved.
The collected data showed which pages people had visited, the buttons they clicked and the keywords they searched. The data was matched to the user’s IP address and often linked to their Facebook account details.
Facebook could potentially have used it for business-related objectives, including targeted advertising.
Following the public disclosure of this breach, 17 out of the 20 NHS trusts that employed the Meta Pixel tool said they had ceased using it, and apologised for doing so.
Several of the trusts explained they had initially implemented the tracking pixel to monitor recruitment or charity campaigns, and were unaware that patient data was being sent to Facebook.
Buckinghamshire Healthcare NHS Trust (BHNHST), one of the bodies that has now removed the tracking tool, said the presence of Meta Pixel on its website was an unintended error.
The Information Commissioner’s Office (ICO) is investigating the matter, indicating ongoing concerns regarding privacy.