NHS could take action against trusts for Facebook breach – spokesman

  • 31 May 2023
NHS could take action against trusts for Facebook breach – spokesman

NHS England is investigating the reported transfer of private details of patient information from 20 NHS trusts to Facebook without consent, and could “take further action” against those involved, an NHS spokesperson told Digital Health in an e-mail statement.

The Observer reported on Sunday that its own investigation had revealed a covert tracking tool, Meta Pixel, in the websites of the trusts that had collected browsing information and shared it with Facebook.

The tool can track pages viewed and keywords searched. The data – which included information about patients’ medical conditions, appointments and treatments – was matched to the user’s IP address, enabling it to be linked to individuals in a significant breach.

The report noted that information transferred to the tech company is likely to “include special category health data which has extra protection in law”. Using or sharing such information without consent is illegal.

The NHS spokesman told Digital Health: “NHS trusts are responsible for their own websites, and they must follow data protection laws in relation to the use of cookies on their websites. The NHS is looking into this issue and will take further action if necessary.”

The 20 trusts affected, according to The Observer, are:

  • Alder Hey Children’s
  • Barking, Havering and Redbridge University Hospitals
  • Barts Health
  • Buckinghamshire Healthcare
  • Central and Northwest London
  • Croydon Health Services
  • Devon Partnership
  • Hertfordshire Partnership University
  • Mid Yorkshire Hospitals
  • Midlands Partnership
  • North Bristol
  • Northampton General Hospital
  • Pennine Care
  • Royal United Hospitals Bath
  • Shrewsbury and Telford Hospital
  • Surrey and Borders Partnership
  • Tavistock and Portman
  • The Christie
  • The Royal Marsden
  • University Hospitals of North Midlands

Seventeen of the 20 trusts confirmed that they have now pulled the tracking tool from their websites, The Observer said.

There have been previous instances of Facebook gaining access to personal health information. In 2019, period-tracking apps were caught sharing medical data with the company. Yet, the scale of the potential data breach covered in this most recent report is likely to renew calls for greater oversight of NHS data security.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

NHS England launches digital clinical safety standards review

NHS England launches digital clinical safety standards review

NHS England has launched a review of digital clinical safety standards, requesting input from NHS stakeholders and IT manufacturers.
Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Today's Coffee Briefing covers new AI software that can determine time of stroke with remarkable accuracy, amongst other industry news.
IT systems in Medway disconnected due to ‘suspicious activity’

IT systems in Medway disconnected due to ‘suspicious activity’

Medway Community Healthcare has disconnected its IT systems to “protect patient and staff data” after detecting some “suspicious activity”.

1 Comments

  • I believe Google also received PRIVATE & sensitive medical details that we shared with health professionals we are supposed to TRUST. The YouTube videos received into my feeds were absolutely NOT coincidences but clearly based on what’s written in my medical records. Trust may be beyond repair; this is utterly damaging.

Comments are closed.