NHS could take action against trusts for Facebook breach – spokesman

  • 31 May 2023
NHS could take action against trusts for Facebook breach – spokesman

NHS England is investigating the reported transfer of private details of patient information from 20 NHS trusts to Facebook without consent, and could “take further action” against those involved, an NHS spokesperson told Digital Health in an e-mail statement.

The Observer reported on Sunday that its own investigation had revealed a covert tracking tool, Meta Pixel, in the websites of the trusts that had collected browsing information and shared it with Facebook.

The tool can track pages viewed and keywords searched. The data – which included information about patients’ medical conditions, appointments and treatments – was matched to the user’s IP address, enabling it to be linked to individuals in a significant breach.

The report noted that information transferred to the tech company is likely to “include special category health data which has extra protection in law”. Using or sharing such information without consent is illegal.

The NHS spokesman told Digital Health: “NHS trusts are responsible for their own websites, and they must follow data protection laws in relation to the use of cookies on their websites. The NHS is looking into this issue and will take further action if necessary.”

The 20 trusts affected, according to The Observer, are:

  • Alder Hey Children’s
  • Barking, Havering and Redbridge University Hospitals
  • Barts Health
  • Buckinghamshire Healthcare
  • Central and Northwest London
  • Croydon Health Services
  • Devon Partnership
  • Hertfordshire Partnership University
  • Mid Yorkshire Hospitals
  • Midlands Partnership
  • North Bristol
  • Northampton General Hospital
  • Pennine Care
  • Royal United Hospitals Bath
  • Shrewsbury and Telford Hospital
  • Surrey and Borders Partnership
  • Tavistock and Portman
  • The Christie
  • The Royal Marsden
  • University Hospitals of North Midlands

Seventeen of the 20 trusts confirmed that they have now pulled the tracking tool from their websites, The Observer said.

There have been previous instances of Facebook gaining access to personal health information. In 2019, period-tracking apps were caught sharing medical data with the company. Yet, the scale of the potential data breach covered in this most recent report is likely to renew calls for greater oversight of NHS data security.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Today's Coffee Time Briefing covers a German AI-powered exoskeleton and digital pathology funding for Leeds Teaching Hospitals NHS Trust.
West Yorkshire trusts share test results using Clinisys ICE OpenNet

West Yorkshire trusts share test results using Clinisys ICE OpenNet

The West Yorkshire Association of Acute Trusts (WYAAT) can now access results from across their pathology network using Clinisys’ ICE OpenNet.
Trial will allow women to book breast diagnostic clinics via NHS App

Trial will allow women to book breast diagnostic clinics via NHS App

Women in Somerset with breast lumps will be directly referred to a breast diagnostic clinic via the NHS App under a pilot scheme.

1 Comments

  • I believe Google also received PRIVATE & sensitive medical details that we shared with health professionals we are supposed to TRUST. The YouTube videos received into my feeds were absolutely NOT coincidences but clearly based on what’s written in my medical records. Trust may be beyond repair; this is utterly damaging.

Comments are closed.