Photo by Amelia Holowaty Krales / The Verge

According to an investigation by The Markup, many hospital websites have a tracking tool that allows them to send sensitive medical information to Facebook. Hospitals using the tool may be in violation of the health privacy law.

33 of the top 100 hospitals in the United States use a tracker on their websites, according to a new report. The MetaPixel gives groups access to data about Facebook andInstagram ads, but also tracks how people are using their websites: the buttons they click, the information they put in forms, and so on.

There could be sensitive health information on the hospital website. Clicking the scheduling button on a hospital website gave Facebook a doctor's name and the condition "Alzheimer's" that was scheduled for.

The Meta Pixel was installed in patient portals in seven health systems. Information on one patient's doctor's name and appointment time, as well as on another's allergic reactions to specific medications, were given to Facebook by the website.

Hospitals aren't allowed to share identifiable health information with third parties without patients' permission. They're able to use and share data. Information linked to an internet protocol address can be used to classify data as health information. Glenn Cohen is the faculty director of the center for health law policy at Harvard Law School.

Facebook has filters that detect and remove health data from businesses, according to a Meta spokesman. It is not known if the data was caught by the filters or not. Sometimes the filters don't work as expected. Information about people looking for information about abortion or emergency contraceptives made their way to the platform through another investigation.

At least five of the hospitals with the tracker in their patient portal had their websites removed because of the findings from The Markup.