Facebook faced another privacy issue when the social media giant asked hospitals to share anonymized patient information such as illnesses and drug prescriptions as part of a research project. The social network intends to merge the data from hospitals and the data of Facebook users to help medical institutions in improving patient care.
However, the proposal didn’t pursue in its planning stages and is currently on pause when the Cambridge Analytica scandal leaked, which raised concerns about how Facebook collects and uses data from its users.
“This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone’s data,” said Facebook’s spokesperson in a statement with CNBC.
Despite announcing that the proposal didn’t push through, just recently FB was found talking to health organizations like Stanford Medical School and the American College of Cardiology regarding the signing of the data-sharing agreement.
Although the information that can recognize the identities of patients (i.e., patient’s name) will be obscure, Facebook proposes to use a mutual computer technology called, ‘hashing,’ when matching people in both data platforms. The company says that the information will only be accessible and will only be used by researchers in the medical community.
This proposal could ignite public concerns about how Facebook collects a massive amount of information from the users without consent and how the data can be used in unexpected ways.
Just like what happened with Cambridge Analytica, an organization that worked for Donald Trump used data from Facebook users without permission. The organization then used the collected data for targeting political ads.
After the Cambridge Analytica scandal, FB improved its privacy policies and created new ways that allow users to control what information they permit to share with the social media platform. Facebook users can as well control where their data are used.
Interventional cardiologist, Freddy Abnousi, led Facebook’s proposal. According to Abnousi’s LinkedIn account, he describes his role as “leading top-secret projects.” The proposal was under the head of the social network’s “Building 8” experiment projects group, Regina Dugan, who left in October 2017.
According to people who are familiar with the proposal, the pitch aims to combine the information from healthcare systems (i.e., age, medications, and medical history) with the data the Facebook collects such as, age, marriage status, number of children, or community activities.
The project aims to determine if the combination of information from the social network and hospitals would improve patient care especially for people who have cardiovascular problems. For example, Facebook could specify if a patient has nearby friends or relatives who can help the patient in times of emergency. If there are no individuals near the person who can help in times of need, healthcare systems can send a private nurse to monitor the patient’s health. It could be especially useful if the patient underwent major surgery.
According to a statement from Cathleen Gates, the interim CEO of the American College of Cardiology, Facebook’s pitch has potential benefits, “For the first time in history, people are sharing information about themselves online in ways that may help determine how to improve their health. As part of its mission to transform cardiovascular care and improve heart health, the American College of Cardiology has been engaged in discussions with FB around the use of anonymized FB data, coupled with anonymized ACC data, to further scientific research on the ways social media can aid in the prevention and treatment of heart disease—the #1 cause of death in the world. This partnership is in the very early phases as we work on both sides to ensure privacy, transparency and scientific rigor. No data has been shared between any parties.”
Medical institutions are careful in sharing patient information as there are laws that protect the private information of patients. These legislations and federal regulations are designed to prevent data from falling in the wrong hands. To comply with privacy laws, Facebook proposes to keep personally identifiable information unknown in the sharing of information in both sets.
Instead, the social media giant suggests the use of hashing, a common cryptographic technique, when matching individuals. Hashing will then be able to match specific sets of data from Facebook and medical institutions.
Patient consent was not deliberated in the early stages of the discussions. User permission had been one of the significant factors that critics pointed out about their privacy concerns. People consent was highlighted during the 2014 event when Facebook manipulated the users about which content in the Newsfeed made them happier or sadder.
Health policy experts believe that the social network’s proposal can be problematic if the company fails to consider the privacy implications of patient information sharing.
According to the president of a health software company called CareJourney, and previous White House chief technology officer, Aneesh Chopra, “Consumers wouldn’t have assumed their data would be used in this way.”
“If Facebook moves ahead (with its plans), I would be wary of efforts that repurpose user data without explicit consent.”
According to FB in a statement with CNBC, the company’s plans include:
“The medical industry has long understood that there are general health benefits to having a close-knit circle of family and friends. But deeper research into this link is needed to help medical professionals develop specific treatment and intervention plans that take social connection into account.”
“With this in mind, last year Facebook began discussions with leading medical institutions, including the American College of Cardiology and the Stanford University School of Medicine, to explore whether scientific research using anonymized Facebook data could help the medical community advance our understanding in this area. This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone’s data.”
“Last month we decided that we should pause these discussions so we can focus on other important work, including doing a better job of protecting people’s data and being clearer with them about how that data is used in our products and services.”