HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Facebook Makes Changes to Health Support Groups to Better Protect Users’ Privacy

Facebook is making changes to Facebook Groups used to discuss health conditions. The move comes following criticism that Facebook Groups were being promoted as private and confidential when information about participants in health groups was being made available to third parties for advertising purposes.

In January, a complaint was filed with the Federal Trade Commission alleging the content of private Facebook health groups had been shared with third parties. Some members of these health support groups claimed they had been targeted by advertisers who had offered products and services related to health conditions that had only ever been discussed in closed, private Facebook health groups.

The groups are used by individuals with health conditions to obtain advice and receive support. Groups have been set up to help people with a wide range of health conditions, including cancer, substance abuse disorder, and mental health issues. Information was being openly discussed by members of the groups in the belief that the groups were confidential. Not only were advertisers able to contact members of these groups, it was also possible for members of the public to find out the names of people who were members of the groups.

Facebook was accused of deceptively soliciting patients to sign up and use closed and private health groups when their personal health information was actually being used to generate advertising income.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

In response to the complaint, Facebook has made changes that will allow users to post information anonymously in health groups. The groups will be given a special designation – Health Support Group – and will be treated differently to other Facebook Groups. Members of the groups will be allowed to request that group administrators post messages on their behalf. This measure will allow posts to be made that will not be tied to a user’s Facebook profile and their name will not appear on those posts. The move was announced by Facebook founder, Mark Zuckerberg, at Facebook’s annual developer conference.

While the move is a step in the right direction and will help to ensure that comments can be posted in confidence, a group administrator will be able to tie a comment to a particular user and information discussed in the groups will still be able to be used for advertising purposes.

Facebook is not an entity covered by HIPAA Rules and neither is it a business associate of HIPAA-covered entities, so it is not required to comply with HIPAA’s Privacy and Security Rules.  To protect the privacy of consumers, what is needed is a federal law to limit the collection and use of users’ sensitive information and to prevent social media and other tech companies from engaging in deceptive practices.

This is not the only Facebook issue concerning health data to have come to light in recent months. Third-party health app developers were discovered to be sharing users’ data with Facebook and, in some cases, without users’ consent. The issue was highlighted in a report in the Wall Street Journal and was viewed by many to be a serious violation of privacy. Facebook’s response was that its policies strictly prohibit app developers from sharing the sensitive health information of app users with Facebook and it is the responsibility of app developers to make sure sensitive information is not sent to Facebook.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.