CareSet leaves Facebook Because of Patient Privacy Concerns

Now that the FTC complaint from our CTO, Fred Trotter (as well as Andrea Downing and David Harlow) has been made available to the public, and apparently Congress, it is time to announce a minor change in CareSet’s marketing strategy. CareSet is deleting its Facebook page. 

[Image: Facebook dislike button. Credit: Wikimedia Commons]

What began as a college dorm project has turned into a behemoth of an online platform. With more than two billion users, Facebook is larger than many countries. And with that many people, it would be safe to assume that it should act as a country, enacting policies in order to keep its people safe. But it’s never safe to assume. And unfortunately, Facebook has not been working for its citizens. They are not taking extra precautions to maintain users’ privacy. For that reason, we are leaving.

The Beginning of the CareSet/Facebook Relationship

We originally had a Facebook page because, well, that’s just what companies do to market their services. In order to increase brand awareness and reach all audiences, any company should have a page, or so we were told. Whether for reaching out to potential clients or for recruiting purposes, a Facebook presence has been a given. We set up a page and casually maintained it. We certainly weren’t using it to its full potential, but we had a page. That was something. And we even paid to promote a post here and there. We were online and part of the herd. Our social media footprint was forming.

Facebook was around long before CareSet and, it seems, will remain without our contribution. We simply cannot continue to be a part of it. You can still follow us on Twitter and LinkedIn.

Facebook’s Longstanding Battle with Privacy

There have been numerous reports over the years regarding Facebook and its questionable policies toward its users. There have been calls for people to #deletefacebook and even calls to sue the company. Facebook still stands, growing its user base every day.

It began as early as 2007 when the organization was still in its infancy, way before CareSet was even a thought. When Mark Zuckerberg apologized for Beacon, Facebook’s advertising program, that should have been red flag number one. The user base kept growing.

In February of 2009, Caroline McCarthy wrote a piece touching on Facebook’s vague content rights policy. Even back then their terms were open to interpretation and left a little hole for more concern later on down the road. And still, the user base continued to grow.

Later that year Kevin Bankston wrote a blog post going over the “new” Facebook privacy settings. Things weren’t looking so great for users. He criticized the company for making certain information “publicly available” by default. Yet, most people were apparently okay with that, or not concerned enough to quit the social media platform.

A few years after that, deeper privacy concerns ensued. A Forbes article by Chunka Mui notes Carnegie Mellon research using Facebook’s off-the-shelf face recognition software. The results were disheartening. I think you know where this is going.

In 2012, Facebook and the FTC came to a settlement. The social media platform agreed to two decades of privacy audits, to be conducted every two years, among other requirements meant to bar it from sharing users’ information. Here we are in 2019, still dealing with Facebook and its blatant disregard for user privacy.

In 2015, a young intern at the company was let go for exposing a privacy flaw. He created an app showing Facebook Messenger users’ exact locations. It was meant to be a public service. The company asked the student to disable the app. Later on, Facebook released an update to the Messenger app addressing the issue.

By 2018, the lessons should have been learned from the damage already done. The Cambridge Analytica scandal should have been the nail in the coffin for the social platform. But wait, there’s more! All of these issues concern your everyday privacy rights. They are being snatched out of our hands as soon as we open them. We haven’t even begun to mention what Facebook is letting slide when it comes to our health. Many people are in patient support groups on the site. And you should be angry with Mark and friends for not being HIPAA compliant.

Facebook vs. Patients

Over on missingconsent.org, you can read about how Fred, Andrea, and David begged Facebook to fix security flaws for patients. And how they filed an FTC complaint after that failed to work.

The main page of missingconsent.org details everything that patients should have been told before using Facebook.

  • Facebook misled patient communities. They have not acknowledged the vulnerabilities of the platform when it comes to closed groups.
    • Facebook requires actual names rather than aliases. Because of this, insurance companies and employers can scrape your information and use it in their favor.
    • Even if a group is closed, Facebook considers the contents, including its members, as public information.
    • Until very recently, anyone could add a person into a group, thus making your information vulnerable without your consent.
    • Facebook allows closed and private groups to live under the premise that they’re truly private, and that’s not accurate.

You can read the details of the vulnerabilities that were originally submitted to Facebook.

  • Third parties can scrape names, locations, and contact information of vulnerable population groups.
  • Group membership does not equate to being diagnosed.
  • One can write a script to search for said groups.

You can read Facebook’s underwhelming response, which basically said: “there is no problem here”.

You can read the complaint that was submitted to the FTC.

The End of the CareSet/Facebook Relationship

As we rethink our relationship with Facebook, we have to admit that there are some similarities in the business model of Facebook and CareSet. Facebook sells healthcare information about individuals, and CareSet does too. But there are important differences in the way CareSet approaches patient data:

  • We take steps to ensure that data that we release is never used against patients.
  • We frequently restrict what we release to the public, to be sure that malicious people cannot use our data against people.
  • We do everything we can to respect both the legal and moral privacy rights of individuals who are described in our data releases.

This does not mean that we will always get it right on patient privacy. But if we do ever make a mistake, we will own up and do what we can to make it right, instead of perpetually denying the problem as Facebook has done.

When it becomes clear that Facebook is a healthcare data vendor that does not respect patient privacy, it becomes pretty obvious that we should not be working with them, given that we do respect data privacy.

So it is time to leave Facebook.

 

Victoria Hernandez

Victoria serves as a Marketing Specialist and is a budding Data Journalist at CareSet. She holds a B.A. in Communication from Texas A&M University. Victoria has run three marathons and is the leader of Free Fit Hou.