NHS could take action against trusts for Facebook breach – spokesman

  • 31 May 2023
NHS could take action against trusts for Facebook breach – spokesman

NHS England is investigating the reported transfer of private details of patient information from 20 NHS trusts to Facebook without consent, and could “take further action” against those involved, an NHS spokesperson told Digital Health in an e-mail statement.

The Observer reported on Sunday that its own investigation had revealed a covert tracking tool, Meta Pixel, in the websites of the trusts that had collected browsing information and shared it with Facebook.

The tool can track pages viewed and keywords searched. The data – which included information about patients’ medical conditions, appointments and treatments – was matched to the user’s IP address, enabling it to be linked to individuals in a significant breach.

The report noted that information transferred to the tech company is likely to “include special category health data which has extra protection in law”. Using or sharing such information without consent is illegal.

The NHS spokesman told Digital Health: “NHS trusts are responsible for their own websites, and they must follow data protection laws in relation to the use of cookies on their websites. The NHS is looking into this issue and will take further action if necessary.”

The 20 trusts affected, according to The Observer, are:

  • Alder Hey Children’s
  • Barking, Havering and Redbridge University Hospitals
  • Barts Health
  • Buckinghamshire Healthcare
  • Central and Northwest London
  • Croydon Health Services
  • Devon Partnership
  • Hertfordshire Partnership University
  • Mid Yorkshire Hospitals
  • Midlands Partnership
  • North Bristol
  • Northampton General Hospital
  • Pennine Care
  • Royal United Hospitals Bath
  • Shrewsbury and Telford Hospital
  • Surrey and Borders Partnership
  • Tavistock and Portman
  • The Christie
  • The Royal Marsden
  • University Hospitals of North Midlands

Seventeen of the 20 trusts confirmed that they have now pulled the tracking tool from their websites, The Observer said.

There have been previous instances of Facebook gaining access to personal health information. In 2019, period-tracking apps were caught sharing medical data with the company. Yet, the scale of the potential data breach covered in this most recent report is likely to renew calls for greater oversight of NHS data security.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

AI tool to help detect lung cancer deployed in Greater Manchester

AI tool to help detect lung cancer deployed in Greater Manchester

AI that helps detect diseases such as lung cancer quicker is being rolled out at seven trusts within the Greater Manchester Imaging Network.
NHSE announces digital eye screening plans for diabetes patients

NHSE announces digital eye screening plans for diabetes patients

NHS England has announced plans to provide digital eye scans in the community for diabetes patients, helping to prevent sight loss.
‘Ping and book’ cancer screening service to launch via NHS App

‘Ping and book’ cancer screening service to launch via NHS App

Women will be sent invitations for cancer screening via the NHS App as part of a new “ping and book” service, NHS England has announced.

1 Comments

  • I believe Google also received PRIVATE & sensitive medical details that we shared with health professionals we are supposed to TRUST. The YouTube videos received into my feeds were absolutely NOT coincidences but clearly based on what’s written in my medical records. Trust may be beyond repair; this is utterly damaging.

Comments are closed.