More and more healthcare providers are taking advantage of the many benefits of digital marketing, from improving the patient experience to building and maintaining a thriving business. But with the introduction of new and more advanced technologies comes an increased risk of a serious data breach.
Tokio Marine HCC, CAP’s CyberRisk Insurance carrier, has reported a significant rise in the number of class action lawsuits alleging the unauthorized disclosure of personally identifiable information (PII) and personal health information (PHI) through Meta Pixel, a tool many providers use to track website user interactions.
What Is Meta Pixel and How Can It Impact Your Business?
According to The HIPAA Journal, Meta Pixel collects any information contained in HTTP headers, button click data, form field names, and other user-specified data to help businesses with website optimization, identifying trends, and improving the user experience on their websites and web applications.
Unfortunately, many medical practices and facilities are not aware of the data that these tracker tools are collecting. If trackers are not configured correctly, they may be transmitting sensitive data to Meta (Facebook), which is then shared with a massive network of marketers who target patients with advertisements that match their conditions. Meta is not a business associate of HIPAA-covered entities, and under HIPAA, any data sent to Meta would require patient consent and a business agreement to share PHI between companies.
How to Protect Yourself
Tokio Marine HCC strongly encourages healthcare providers to identify all specific forms or pages on your company website containing Meta Pixel and to remove it, using the following information:
Use a tool, such as Blacklight, to assess whether your website uses Meta Pixel: https://themarkup.org/blacklight*
Remove Meta Pixel by following the instructions at the links below:
If hardcoded on your website: https://www.facebook.com/business/help/4224030857607474
If plugin, direct website/partner integration, or Google Tag Manager implementation: https://back2marketingschool.com/delete-facebook-pixel/
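To supplement the identification step above, the following added example (not from CAP, Tokio Marine HCC, or Blacklight) scans saved page HTML for the markers of the standard Meta Pixel base code and lists the form fields on the same page, so pages that collect patient input can be reviewed first. The sample pages and the pixel ID are constructed, and the function and field names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Markers of the standard Meta Pixel base code: the fbevents.js loader,
# the fbq('init', '<id>') call, and the <noscript> beacon at facebook.com/tr?id=...
LOADER_HOST = "connect.facebook.net"
INIT_RE = re.compile(r"""fbq\(\s*['"]init['"]\s*,\s*['"](\d+)['"]""")

class PixelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_script, self.loader = False, False
        self.pixel_ids, self.form_fields = set(), []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = urlparse(a.get("src") or "")
        if tag == "script":
            self.in_script = True
            if url.hostname == LOADER_HOST and url.path.endswith("fbevents.js"):
                self.loader = True
        elif tag == "img" and url.hostname in ("www.facebook.com", "facebook.com") and url.path == "/tr":
            self.pixel_ids.update(parse_qs(url.query).get("id", []))
        elif tag in ("input", "select", "textarea") and a.get("name"):
            self.form_fields.append(a["name"])  # names of fields a tracker could observe

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if not self.in_script:
            return
        if LOADER_HOST + "/" in data and "fbevents.js" in data:
            self.loader = True
        self.pixel_ids.update(INIT_RE.findall(data))

def scan_page(html):
    s = PixelScanner()
    s.feed(html)
    s.close()
    found = s.loader or bool(s.pixel_ids)
    return {"pixel_found": found, "pixel_ids": sorted(s.pixel_ids),
            "form_fields": s.form_fields, "review_first": found and bool(s.form_fields)}

# Constructed sample pages (placeholder pixel ID), not taken from any real site.
SAMPLE_APPOINTMENT_PAGE = (
    "<script>!function(f,b,e,v){}(window,document,'script',"
    "'https://connect.facebook.net/en_US/fbevents.js');fbq('init','000000000000000');</script>"
    "<noscript><img src='https://www.facebook.com/tr?id=000000000000000&amp;ev=PageView'></noscript>"
    "<form><input name='full_name'><select name='condition'></select></form>")
SAMPLE_CLEAN_PAGE = "<form><input name='email'></form>"
```

A static scan like this only finds a pixel that is hardcoded in the page source; a pixel injected by a plugin, partner integration, or Google Tag Manager appears only when the page runs in a browser, which is what a tool such as Blacklight checks.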
In addition to these mitigation efforts, CAP Physicians Insurance Agency, Inc. (CAP Agency) recommends that you secure comprehensive CyberRisk coverage to protect you and your practice or facility from potentially severe penalties for unintentionally violating HIPAA privacy rules. In addition to the $50,000 CyberRisk protection CAP members automatically receive, CAP Agency offers outstanding additional coverage through Tokio Marine HCC with limits up to $1 million to further protect you. For more information, please call CAP Agency at 800-819-0061 or
*CAP and Tokio Marine HCC are unaffiliated with this third-party tool and cannot guarantee its product and service, such as detecting a pixel behind a log-in page. These products and services are not under our control, and we are not responsible for the content or any link on such sites or for the temporary or permanent unavailability of such third-party sites or service.