Novant Health Notifies Patients of Potential Data Privacy Incident
Patients face possible disclosure of protected health information (PHI) to Meta, Facebook's parent company, resulting from an incorrect configuration of an online tracking tool.
August 23, 2022
PRESS RELEASE
WINSTON-SALEM, N.C., Aug. 19, 2022 /PRNewswire/ — Novant Health shared that, in an effort to be as transparent as possible, it is mailing letters to some of its patients following possible disclosure of protected health information (PHI) resulting from an incorrect configuration of a pixel, an online tracking tool.
In May 2020, as our nation confronted the beginning of the COVID-19 pandemic, Novant Health launched a promotional campaign to connect more patients to the Novant Health MyChart patient portal, with the goal of improving access to care through virtual visits and to provide increased accessibility to counter the limitations of in-person care. This campaign involved Facebook advertisements and a Meta (Facebook parent company) tracking pixel placed on the Novant Health website to help understand the success of those efforts on Facebook. A pixel is a piece of code that organizations commonly use to measure activity and experiences on their website. In this case, the pixel was configured incorrectly and may have allowed certain private information to be transmitted to Meta from the Novant Health website and MyChart portal.
Immediately upon becoming aware that the pixel had the capability to transmit unintended information to Meta, Novant Health disabled and removed the pixel as a precaution and began an investigation to learn whether, and to what extent, information was transmitted. Based on that investigation, Novant Health determined on June 17, 2022, that it was possible sensitive information or PHI might have been disclosed to Meta, depending upon a user's activity within the Novant Health website and MyChart portal. This information potentially included an impacted patient's: demographic information such as email address, phone number, computer IP address, and contact information entered into Emergency Contacts or Advanced Care Planning; and information such as appointment type and date, physician selected, button/menu selections, and/or content typed into free text boxes. The information did not include Social Security numbers or other financial information unless it was typed into a free text box by the user. The letter sent to each patient will specifically state whether such financial information may have been involved.
Based on its investigation, Novant Health is unaware of any improper use or attempted use of any patient information by Meta or any other third party. According to Facebook's Terms and Conditions, they have policies and filters that block sensitive personal data and do not incorporate that information into their Ad Manager. However, to be safe and transparent, Novant Health is sending letters to all potentially impacted patients, including some who are patients of independent physicians and facilities who use the Novant Health MyChart medical record. Novant Health has also implemented more structure, governance and policies around the use of pixels and is taking actions to ensure this does not happen again.
New Hanover Regional Medical Center patients are not impacted by this incident.
In addition to the resources shared, patients may call Novant Health at 704-561-6950 or visit www.novanthealth.org/pixel. Additionally, patients may also visit https://consumer.ftc.gov/online-security to learn more about best practices to protect their information online.
Novant Health takes privacy and the care of personal information very seriously and values patient trust to keep patients' medical information private. Novant Health will continue to be as transparent as possible and provide information to patients.
About Novant Health
Novant Health is an integrated network of hospitals, physician clinics and outpatient facilities that delivers a seamless and convenient healthcare experience to communities in North Carolina, South Carolina, and Georgia. The Novant Health network consists of more than 1,800 physicians and over 35,000 team members who provide care at more than 800 locations, including 15 hospitals and hundreds of outpatient facilities and physician clinics. In 2021, Novant Health provided more than $1.1 billion in community benefit, including financial assistance and services.
For more information, please visit our website at NovantHealth.org. You can also follow us on Facebook, Instagram, Twitter and LinkedIn.
SOURCE: Novant Health
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024