EULAs, You, HIPAA: Social Media App Infringements

Your apps are your security enemy. Here’s what we’ve recently discovered.


What do End User License Agreements and HIPAA have to do with each other? According to recent discoveries, a heck of a lot. It turns out apps like Meta's Facebook and Messenger, Instagram, TikTok, and others are mining your data and activity on an unprecedented scale. Here's what we know.

Social media apps have torn a page out of the hacker's handbook and are using malware-type code within their apps to track your activity. Sure, we know they're tracking our locations, our likes, and scraping the comments we enter. What most of us didn't realize is they're also using keylogging software to record our keystrokes - in some cases even outside of their applications. Let's take an in-app example.

Most social media apps now embed their own browsers. Users can use these browsers to view content within the app and even go to other websites, as they would with a traditional browser. ALL of this activity is being tracked, recorded, and shared with advertisers and others. Additionally, if you go to an advertiser's app or website, Instagram and others are likely still authorized to track you. If you consider the list of advertisers on these platforms, like pharma, Apple, Microsoft, etc., it may be easier to make a list of who doesn't advertise with them.
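One thing a PHI web portal can do about the in-app browser problem described above is notice when it is being rendered inside a social media app's embedded browser and refuse to show the login form until the user opens the link in the device's own browser. The following is an added example written for this page, not code from the original post or from any of the apps named; the user-agent tokens (FBAN/FBAV, Instagram, BytedanceWebview, musical_ly) are the ones commonly observed for these in-app webviews and are treated here as assumptions, and the sample user agents are constructed, not captured from real traffic.

```javascript
// Added example: heuristics a PHI web portal could use to recognise that it is
// being rendered inside a social-media app's embedded browser and steer the
// user to the system browser instead. The user-agent tokens below are an
// assumption based on commonly observed in-app webview strings; extend the
// table as you observe real traffic.

// Signature table: [regular expression over the user agent, human-readable label]
const IN_APP_BROWSER_SIGNATURES = [
  [/\bFBAN\b|\bFBAV\b|\bFB_IAB\b/i, "Facebook / Messenger"],
  [/\bInstagram\b/i, "Instagram"],
  [/\bBytedanceWebview\b|\bmusical_ly\b/i, "TikTok"],
];

// Return the label of the embedding app if the user agent looks like an
// in-app browser, otherwise null. Non-string input is treated as unknown.
function inAppBrowserVendor(userAgent) {
  if (typeof userAgent !== "string") return null;
  for (const [pattern, label] of IN_APP_BROWSER_SIGNATURES) {
    if (pattern.test(userAgent)) return label;
  }
  return null;
}

// Decide what the portal should do on page load: either proceed, or block the
// login form and tell the user to open the link in the device's own browser.
// Returns a plain object so the decision is easy to test and to log.
function portalLoadDecision(userAgent) {
  const vendor = inAppBrowserVendor(userAgent);
  if (vendor === null) {
    return { allowLogin: true, vendor: null, message: null };
  }
  return {
    allowLogin: false,
    vendor,
    message:
      `This page was opened inside the ${vendor} app. For your privacy, ` +
      `open it in your device's web browser before signing in.`,
  };
}

// Constructed sample user agents (not captured from real traffic).
const SAMPLE_USER_AGENTS = {
  safari:
    "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 " +
    "(KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1",
  facebook:
    "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 " +
    "(KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBAV/400.0.0.0;FBDV/iPhone14,2]",
  instagram:
    "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) " +
    "Chrome/110.0.0.0 Mobile Safari/537.36 Instagram 270.0.0.0",
  tiktok:
    "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) " +
    "Chrome/110.0.0.0 Mobile Safari/537.36 BytedanceWebview/d8a21c6",
};

// Browser wiring: on a real page this runs at load time, hides the login form
// (assumed to be <form id="login">) and shows the message. Guarded so the file
// also runs unchanged under Node.
if (typeof navigator !== "undefined" && typeof document !== "undefined") {
  const decision = portalLoadDecision(navigator.userAgent);
  if (!decision.allowLogin) {
    const form = document.querySelector("form#login");
    if (form) form.hidden = true;
    const note = document.createElement("p");
    note.textContent = decision.message;
    document.body.prepend(note);
  }
}
```

This is a heuristic, not a guarantee: a user agent can be spoofed or changed by an app update, so the check belongs alongside, not instead of, removing these apps from PHI devices. Logging the `vendor` value on the server side also gives a simple count of how often PHI sessions are being opened from inside such apps.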

So it's conceivable that these apps have the ability, and the permission, to track almost everything you're doing on your laptop, phone, or whatever device you're using (did I mention TikTok's EULA grants them permission to track you across any device, even devices where their app is not installed?).

That's where HIPAA comes in. If you have these apps installed on your phone or tablet, and you also use that device to access Protected Health Information, then there's a real possibility that this access information and your activity are being tracked.

As it stands, the European Union is looking into this and has invited Meta for a sit-down. When it comes to TikTok, however, the rules are different because, as you know, TikTok is owned by China and is considered by many cybersecurity experts to be an intelligence weapon, so we can't expect much action on that.

Here's what you need to do. Whatever devices you use to access PHI, or other sensitive data, should be scrubbed of any social media applications. While this may not plug all of the holes we're facing, it's a step in the right direction.

Be smart and be safe with your devices.

HIPAA Security Reminders


HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: "Implement a security awareness and training program for all members of its workforce (including management)."

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.
