Compliant to FTC accuses Facebook of exposing users’ sensitive health data in groups

A complaint was filed with the Federal Trade Commission accusing Facebook of misleading its users regarding the private nature of closed Facebook groups and exposing users’ sensitive health data. The complaint claims that the company has deceptively pulled patients into using its ‘Groups’ product where they share personal health information about their health challenges and issues.

The complaint was filed by health IT and cybersecurity researcher Fred Trotter, healthcare lawyer David Harlow, J.D., and patient advocates who have used closed Facebook groups. They have asked the FTC to investigate into Facebook’s unfair, deceptive and misleading private policies and look into the failure to notify the FTC of health data breaches, violating the FTC's PHR breach reporting rule. 

They claim Facebook has failed to protect the sensitive health information uploaded by users and this information was exposed to the public. It argues that Facebook’s private policies are unclear, and users are not informed about how their data will be used.

By encouraging patients to use the closed groups to share health information, such as to discuss specific health conditions, Facebook is offering a personal health record (PHR). The complaint states that it implies that the platform should be regulate by the FTC.

Though such groups and telehealth software empower patients, privacy issues are always a challenge.