Healthcare Information Security


Facebook Accused of Exposing User Health Data in Complaint to FTC

A health privacy group accused Facebook of misleading users about the privacy of its closed health groups; US lawmakers sent a letter demanding answers from CEO Mark Zuckerberg in response.


By Jessica Davis

A group of health privacy experts recently filed a complaint with the Federal Trade Commission, accusing Facebook of misleading users about the privacy policies of its “closed” health groups.

Filed in December with the FTC and made public this week, the complaint was written by a group led by health IT researcher Fred Trotter and Andrea Downing, a co-moderator for a breast cancer patient group.

According to the 43-page complaint, the group alleged that Facebook “deceptively solicited patients to use its 'Groups' product to share personal health information about their health issues.” Further, the company failed to protect uploaded sensitive health data and exposed the information to the public.

Facebook’s privacy policies are unclear, and users are uninformed as to how their data will be used by the company, the complaint claims. And by soliciting individuals to join closed groups to share their health data in group channels to discuss health conditions, Facebook marketed the product as a “personal health record.”

The group claimed this identifiable health data was leaked, which Facebook then failed to disclose.

“Sharing of privately posted personal health information violates the law, but this serious problem with Facebook’s privacy implementation also presents an ongoing risk of death or serious injury to Facebook users,” the complaint reads.

“Facebook has ignored our requests to fix the specific issues we have identified to the company and denies publicly that any problem exists,” it continued. “All of this represents unfair, deceptive and misleading interactions between Facebook and its users in violation of the FTC Act.”

Among its complaints, the group claimed Facebook “actively solicits and uses AI to nudge individuals into joining patient support groups on the platform.” These actions also violated Facebook’s 2012 consent order, already subject to FTC investigation.

The group also provided copies of its communications and responses with Facebook. Further, they outlined the crux of the issue: missing consent. Facebook should have more clearly explained its data and privacy policies.

In response, the House Committee on Energy and Commerce sent a letter to Facebook CEO Mark Zuckerberg demanding answers, given that the “complaint raises a number of concerns about Facebook’s privacy policies and practices.”

“Labeling these groups as closed or anonymous potentially misled Facebook users into joining these groups and revealing more personal information than they otherwise would have,” the committee members wrote. “These groups were called closed groups and often had the word ‘anonymous’ in their name, suggesting that information shared within the group and even membership would be private.”

“Facebook may have failed to properly notify group members that their personal health information may have been accessed by health insurance companies and online bullies, among others,” they added.

The committee gave Zuckerberg until March 1 to respond to the issues raised in the complaint to “better understand Facebook’s practices with respect to so-called closed and anonymous policies.”

Facebook has been under fire for more than a year for its privacy policies, which were brought to light by the Cambridge Analytica scandal in early 2018. It was revealed the British political consulting firm harvested the data of millions of Facebook users without consent for political purposes.

Currently, the FTC and Facebook are negotiating a multibillion-dollar fine stemming from the scandal. The social media platform has also experienced several data leaks and has faced fines in the EU for its privacy lapses. And last week, Germany began restricting the platform’s data gathering in light of these privacy concerns.

