Health Tech: Virtual reality merger
Hello, Health Tech readers. It’s Tuesday.
👀 Situational awareness: Join Erin on Thursday with leaders from Cityblock and Carbon Health to talk all things primary care, equity and the current outlook for digital health deals. Register here.
1 big thing: STAT probe uncovers health data sharing concerns
Illustration: Gabriella Turrisi/Axios
Dozens of telehealth companies have shared sensitive medical data with social media companies including Meta, Google and TikTok, a joint investigation by science and health website STAT and The Markup found.
Manage the news: The analysis, published today, looked at 50 direct-to-consumer virtual care companies and found that the sites shared health information collected during intake and order forms with Big Tech companieswrites Erin.
- Those startups include weight management startup Calibrate, addiction treatment startup Workit, hybrid care company Thirty Madison and many others.
Yes, but: While the investigation has troubling implications for almost anyone who has visited or considered using a virtual care company for treatment, STAT and The Markup also said they “could not independently confirm how or whether Meta and the other technology companies use the data they collect did not use.”
Details: Pieces of code called pixels were used to send sensitive responses about behavior, including self-harm, drug and alcohol use, and personal information — including first name, email address and phone number — to Big Tech companies, according to the investigation.
How it works: The Meta Pixel sends data to Facebook through scripts that run in a user’s browser, according to a previous investigation by The Markup about Facebook receiving sensitive medical information from hospital websites.
- “Each data packet is tagged with an IP address that can be used in combination with other data to identify an individual or household,” that story said.
Meantime, trackers from Google and Microsoft (which runs Bing) on ​​other telehealth sites notified those companies that users’ email addresses were entered on “enrollment confirmation” URLs, according to the latest investigation.
What they say: Academics and former regulators told STAT and The Markup that the data sharing “threatens patient privacy and trust and may run afoul of unfair business practice laws.”
- “I thought I was hard to shock at this point,” said Ari Friedman, a University of Pennsylvania emergency physician who studies digital health privacy. “And I find that particularly shocking.”
- “The reason people use some of these services online is that they’re looking for privacy,” said David Grande, another UPenn digital health privacy researcher.
The bottom line: Although Workit has promised privacy through “HIPAA-compliant software,” many applications and solutions that track potentially sensitive health data are not subject to HIPAA regulation.
