Beware Facebook’s Preventative Health tool

Trust is earned, so Facebook's deep in the red.

Towfiqu Photography/Moment/Getty Images

You should probably think twice before using Facebook’s new Preventative Health tool. First, the Health Insurance and Portability Act (HIPAA) doesn’t extend to information shared on social media platforms. And second, it’s Facebook, a company that has an atrocious track record with misusing, monetizing and generally failing to protect its users’ data.

Science journalist Emily Mullin pointed out the gap in HIPAA’s purview on Twitter on Sunday, saying the way the legislation works “Facebook is not obligated by law” to protect health data users choose to share with it.

Important work… for someone else to do — Is regular screening and other pre-emptive healthcare important? Absolutely. Do we want Facebook involved in it? Not even a little bit. The company claims it won’t share any data from its Preventative Health service publicly, with other users, or with third parties like insurance companies. But it concedes “people at Facebook who work on the product” will have access.

That’s fair enough, but it’s hard to take Facebook’s reassurances to heart given its dumpster inferno of a track record when it comes to privacy, never mind healthcare. Forgetting for a moment the countless debacles of recent years, let’s consider those of recent months.

Facebook prevention is better than cure — Aside from accidentally exposing information about 267 million of its users, Facebook enabled groups pushing dangerous and bogus cancer treatments to flourish, and allowed unfounded HIV-drug warning ads to run for months.

This is also the company that built a chatbot to help employees defend working at it if quizzed by worried family members, turned users’ phone numbers from a security measure into friend suggestions, and uses whatever means possible to continue serving location-based ads to users who’ve opted out of location tracking.

If you want to make sure Facebook doesn’t share your health data the only seemingly surefire way to do so is to not share any with the platform in the first place.