Tech is everywhere, and when it works, it makes our lives better. It’s a big reason tech’s biggest players — Google, Apple, Amazon, Facebook — are all getting into healthcare. There are a lot of problems that need fixing.
But it’s rarely that simple.
Google’s computing power, for example, could revolutionize the medical records system and advance medical research, but what if it’s done at the expense of patient privacy? Facebook Groups give patients unparalleled tools for connection, support, and information-sharing. But what if the platform also puts users’ health data at risk?
While there’s cause for concern with virtually any company in this space, privacy advocates remain focused on one more than any other: Facebook.
Many believe Facebook’s elevated scrutiny is well-justified. It has a long history of privacy-related failures that have eroded public trust. While plenty of companies have had widely publicized data privacy lapses, few have been as consequential or as heavily covered as Facebook’s.
It’s especially fair for patients to be riled up over Facebook’s slow or insufficient responses to these lapses. Mark Zuckerberg said at this years’ F8 developer conference that the future of Facebook is private — and that privacy will be a cornerstone of the platform going forward. But can Zuck be taken at his word?
For all the privacy advocates urging Facebook users to jump ship, the majority seem to be staying put. Of the more than 400 Patient Leaders we surveyed in early 2019, 98 percent still use Facebook. Only three percent have stopped using the platform or deleted their accounts out of privacy concerns.
In that same survey, we learned that many Patient Leaders rank Facebook as their preferred platform and nine in ten are members of a health-related Facebook group. They don’t entirely trust Facebook, but they find it adds real value to their lives.
Many say the value they and their peers get from Facebook makes the tradeoffs worth it. But in a worst-case scenario, when it comes to users sharing sensitive, personal health data, some fear the worst could be truly catastrophic.
There is a legitimate concern that personal health data in the wrong hands could affect relationships, reputations, jobs, and access to insurance. Patient advocate Grace Cordova explains: “Patients fear being discriminated against, suffering a reputation loss, the risk of losing employment opportunities, and being classified in a manner that makes insurance unaffordable or potentially inaccessible.”
Are there real-world examples of any of this happening? Not that we know of. But many fear it’s only a matter of time.
Facebook Privacy Best Practices
For patients who understand how serious the potential risks are but find Facebook too valuable to leave, it’s more important than ever to have a clear understanding of best practices for data privacy and security.
A key concern is patients giving Facebook and its third-party partners access to data without realizing it. While Facebook offers users a fair amount of control over privacy settings, many fail to take a hard look at their settings on a regular basis. Only 37 percent of the Patient Leaders we surveyed had taken steps to optimize their privacy settings. If you care about data privacy — and you most certainly should — here’s what you need to know.
Personal Privacy Settings
Facebook’s privacy settings are fairly straight-forward. Most privacy controls are found in the Settings menu by clicking on the menu icon. This is found in the upper left corner of both the Facebook app and the browser view when using a computer.
Who Sees What
When you post new content on Facebook, you are always given control over who will see it. For example, you can share a picture publicly or with just your friends. You can even choose specific friends rather than sharing with your entire friends list. This is done with a simple drop down menu at the top of the post editor. Important to remember: if you don’t modify this setting, your next post will automatically default to the same audience. Make a point of double-checking this setting before you post.
Who Can Find You
You can make your profile as easy or as difficult to find as you’d like. Unless you change this setting, your Facebook profile and picture will be searchable by search engines. You can also limit who can search for you using your phone number or email address.
Does Facebook have permission to track your location? When location tracking is on, it’s typical for location-based ad targeting to follow you. It can also mean that others will be able to see where you are posting from. These settings can be adjusted on your phone itself, as well as the Facebook settings menu. Click on Location Settings under the Privacy section of the settings menu to adjust how you are tracked.
Facebook’s facial recognition tool is used to tag friends in photos but privacy experts worry that it could eventually be used in a much broader and more troubling context. You can turn off facial recognition in the Privacy section of the settings menu.
3rd Party Access
Even if Facebook was entirely dedicated to your privacy, you’d still have to remember that third-party partners can access your data. Logging in to various apps and websites with your Facebook credentials might be convenient, but if you don’t want these third-parties to have access to your data, you may want to reconsider. Under the Security portion of the Settings menu, click on Apps and Websites.
Letting Facebook Follow You
Facebook’s data collection doesn’t stop just because you stop browsing your news feed. Unless you take steps to stop it, Facebook may gather information about your activities on other websites, including what you’re shopping for, what you’re reading and what you’re watching. IRL, this behavior would be considered stalking. Online, it’s a standard practice.
Fortunately, you can limit its scope and intensity. Installing an ad-blocking extension on your browser is one way. Another is to use Facebook’s Clear History feature (found under Off-Facebook Activity in the Settings menu), which lets you delete past information from your account about how you’ve used other websites and apps.
Another setting lets you turn off future off-Facebook activity tracking. Turning this setting to Off means you will be unable to log in to other apps and websites through Facebook.
Security experts agree that two-factor authentication is one of the best ways to protect yourself from a hack. You can turn on two-factor authentication in Facebook’s Security and Login settings. Facebook has misused this tool in the past, so your best bet might be to use a dedicated app such as Google Authenticator or Duo Mobile to accomplish the same goal.
Download Your Data
In the wake of the Cambridge Analytica scandal and the public outcry, Facebook created a tool that lets users see all of the data it has collected. At the bottom of the settings menu is a section titled Your Facebook Information.
Click on Access Your Information to see everything from the places you’ve been and the events you’ve attended to the comments you’ve posted and the photos you’ve been tagged in over the years. Seeing the cold, hard truth of the data you’ve been sharing over the years might make you reconsider some of your Facebook behavior. You can look at this data category by category or you can download the entire collection.
Think Before You Share
You can fine-tune your privacy settings to your hearts’ content but at the end of the day it’s what you share that matters most. We’ve all heard the stories of old posts or pictures on Facebook coming back to haunt people in their relationships or even job interviews. It’s good advice for everyone to post with the thought of it being seen by people you didn’t intend.
For patients using Facebook to talk about sensitive personal health information, that may be an especially wise practice. If you’re an “open book” type who likes to share a lot, or if you’re not very risk-averse, you may wish to continue to share freely and widely.
But if you prioritize privacy, you may wish to avoid sharing too many details about your health status. Can you talk about the results of an important medical test without giving the specifics of your results? Can you ask for advice about talking to loved ones or your healthcare provider about your health condition without naming names or including identifiable details? And are there times you might want to find a way to continue the conversation off of Facebook altogether.
Group Privacy Settings
For patients, much of the appeal of Facebook comes from group functionality. Online patient communities are thriving on Facebook, bringing support, education, and connection to hundreds of thousands of patients and caregivers. For group admins, the decision about how to manage the privacy question is important.
Facebook offers three different types of groups: open, private visible, and hidden. Open groups allow anyone to see who is a member and anyone can see the content posted and shared within the group. Only members can post and comment. While some patient groups choose this designation for maximum accessibility, the lack of privacy control for group members makes it a less than ideal choice for many.
Hidden groups offer the most privacy but because they are hidden they are impossible for new members to find on their own. To gain access they must receive an invitation from an existing member. For health conditions with a significant stigma attached, this group type might be preferable.
The majority of patient groups use the private visible designation. The group is searchable and new members can request to join, but only group members can see the group’s content. If an admin changes the group’s privacy setting, Facebook automatically notifies group members of the change.
Facebook recently added the ability for groups to be designated as “health support groups.” With this designation, users have the option to anonymously post health questions to the group. “I have members who want to ask questions, and they don’t want to offend anyone, or they just don’t want a spouse or caregiver to see it,” said Ashley M. Greiner, a group admin with congestive heart failure who urged Facebook to add this ability. “Anonymous posting is a great step toward making support groups better.”
Better Tools for Admins
As Facebook transitions from its “town square” to “living room” model, groups are a top priority. As such, the company is making some positive efforts to make groups work better. One announced change is designed to both hold group admins to a high standard and to better equip them with tools to succeed.
Group admins will have access to the Group Quality tool which will help them navigate the challenge of moderation and managing group rules. While this tool was designed to help prevent the spread of racist and otherwise destructive groups from flourishing, it will also help those moderating patient groups.
Do group admins have a responsibility to educate group members? Many Patient Leaders running thriving groups on Facebook say “yes.” Some are already educating group members about how to determine if online content is trustworthy or not, but educating about online data security may also be called for. In addition to making clear your group’s privacy settings and group rules, it might be wise to periodically caution users against sharing too much detailed personal health information in the group, especially health information that is sensitive in nature.
Whether you love or hate Facebook, all indications are it’s not going anywhere. Large numbers of patients still count it as their preferred platform and it offers many the support and community connection they need. Yet it’s also clear that Facebook deserves wariness. As Tech Republic bluntly describes, you can look back and see “a decade of apparent indifference for data privacy.” Patients who have lost trust in Facebook have every reason to feel that way.
And nonetheless, most patients choose to stay. Where does that leave us?
We need to continue to hold Facebook’s feet to the fire. Some have left Facebook behind and now are making it their mission to get others to see why they are so concerned. Kudos to them for prioritizing data privacy and better yet, for trying to get the word out about the problem. We need these voices to raise to a chorus before data security comes to be recognized as a vital core value by every tech company.
Everyone needs to take personal responsibility for controlling what they can. Security breaches and hacks are always a possibility. That’s the price of doing business on the internet today. Regardless, there is still a lot we can control. Every individual needs to take personal responsibility for regularly optimizing their privacy settings. We can make the choice about what to post and to whom. There’s every reason in the world to make those choices wisely — starting today.