Skip navigation

Inside The Markup

The Markup Wins Digiday Media Award

Our investigation into hospitals sending sensitive information to Facebook won “Best Story”

Illustration of a greyed out web browser showing a hospital portal. A white hand behind it is pulling off a strip of the browser and pills are falling out of that strip. There is a blue glow behind the edge of the browser window.
Anson Chan

An investigation by The Markup into online tracking by hospitals has won “Best Story” in the 2023 Digiday Media Awards. The awards recognize the most innovative work the industry has to offer. 

In the story recognized by Digiday, “Facebook Is Receiving Sensitive Medical Information from Hospital Websites,” we revealed that 33 of the top 100 hospitals in the U.S., along with at least seven health care systems, were sending patients’ sensitive health information to Facebook through a web tracking tool. 

The tool, known as the Meta Pixel, exposed patients’ IP addresses, effectively linking their medical information and doctor’s appointments to their identity. Under the federal Health Insurance Portability and Accountability Act, or HIPAA, health data linked to an IP address is protected, and organizations covered by HIPAA, like hospitals, cannot share it with third parties without patient consent or a contract that requires the third party to provide the same level of protection. A former senior privacy adviser to the U.S. Department of Health and Human Services was quoted in our investigation saying, “I cannot say [sharing this data] is for certain a HIPAA violation. It is quite likely a HIPAA violation.”

The investigation revealed that the health care providers sent Facebook, at times, patients’ specific conditions, the search terms they entered to find the right doctor, the name and dosage of their medication, their sexual orientation, and the name of their doctor.

The investigation was enabled by the Pixel Hunt project, a collaboration between The Markup and Mozilla Rally. The project was a crowd-sourced undertaking in which anyone could install Mozilla’s Rally browser add-on in order to send The Markup data on the Meta Pixel as it appeared on sites that they visited. This allowed The Markup to discover when sensitive information was sent to Facebook from within password-protected patient portals. 

↩︎ link

Ongoing Coverage

The Markup has continued to investigate websites that have shared sensitive data through the Meta Pixel:

Follow our full Pixel Hunt series for our investigations and impact.

A huge congratulations to the entire team that worked on the piece: Todd Feathers, Simon Fondrie-Teitler, Angie Waller, Surya Mattu, Rina Palta, Micha Gorelick, Gabriel Hongsdusit, Maria Puertas, and Jill Jaroff.

Congratulations to all of this year’s Digiday Media Award winners.

We don't only investigate technology. We instigate change.

Your donations power our award-winning reporting and our tools. Together we can do more. Give now.

Donate Now