Novant Health shared that, in an effort to be as transparent as possible, it is mailing letters to some of its patients following possible disclosure of protected health information (PHI) resulting from an incorrect configuration of a pixel, an online tracking tool.
In May 2020, as our nation confronted the beginning of the COVID-19 pandemic, Novant Health launched a promotional campaign to connect more patients to the Novant Health MyChart patient portal, with the goal of improving access to care through virtual visits and provide increased accessibility to counter the limitations of in-person care. This campaign involved Facebook advertisements and a Meta (Facebook parent company) tracking pixel placed on the Novant Health website to help understand the success of those efforts on Facebook. A pixel is a piece of code that organizations commonly use to measure activity and experiences on their website. In this case, the pixel was configured incorrectly and may have allowed certain private information to be transmitted to Meta from the Novant Health website and MyChart portal.
Immediately upon becoming aware that the pixel had the capability to transmit unintended information to Meta, Novant Health disabled and removed the pixel as a precaution and began an investigation to learn whether, and to what extent, information was transmitted. Based on that investigation, Novant Health determined on June 17, 2022, that it was possible sensitive information or PHI might have been disclosed to Meta, depending upon a user’s activity within the Novant Health website and MyChart portal. This information potentially included an impacted patient’s: demographic information such as email address, phone number, computer IP address, and contact information entered into Emergency Contacts or Advanced Care Planning; and information such as appointment type and date, physician selected, button/menu selections, and/or content typed into free text boxes. The information did not include Social Security numbers or other financial information unless it was typed into a free text box by the user. The letter sent to each patient will specifically state whether such financial information may have been involved.
Based on its investigation, Novant Health is unaware of any improper use or attempted use of any patient information by Meta or any other third party. According to Facebook’s Terms and Conditions, they have policies and filters that block sensitive personal data and do not incorporate that information into their Ad Manager. However, to be safe and transparent, Novant Health is sending letters to all potentially impacted patients, including some who are patients of independent physicians and facilities who use the Novant Health MyChart medical record. Novant Health has also implemented more structure, governance and policies around the use of pixels and is taking actions to ensure this does not happen again.
For more such updates follow us on Google News ITsecuritywire News