Disclaimer: The information provided here is not intended to be, and does not constitute, legal advice. In addition, Meta has not officially confirmed any of this information. This is merely Tealium’s point of view on the proposed restrictions. Customers should seek their own legal advice in connection with the topics discussed in this document. 

Tealium has been receiving questions from our healthcare customers who are concerned about the recent data sharing restrictions announced by Meta for 2025.

This blog has been created as a guide so that you can understand these restrictions, and learn ways to potentially mitigate the impact of these restrictions on your healthcare marketing efforts.

Background

In November 2024, Meta announced new restrictions aimed at data sources, such as websites and mobile apps that share sensitive user data with Meta Business Tools. Healthcare is one of the categories impacted by these restrictions. These restrictions came into effect in early 2025. 

Meta has indicated that it may limit or even fully restrict data that healthcare organizations share with Meta Business Tools, as discussed in further detail below.

Why has Meta made this announcement now? 

It is Tealium’s understanding that Meta has announced these restrictions for the following reasons: 

1. Growing concerns around consumer privacy and stricter privacy regulations around the globe. 
2. Preventing advertisers from sharing information that is not allowed under the Meta Business Tools Terms.

With these new restrictions, Meta seems to be taking a proactive approach on sensitive data collection. Rather than putting the onus solely on advertisers to limit the sharing of sensitive information, Meta is independently examining where data originates and implementing restrictions where Meta deems appropriate.  

Which Meta products are covered by these restrictions?

At the time of writing, these restrictions appear to cover certain products within Meta Business Tools. Specifically, the following products seem to be covered: 

• Meta Pixel

• Conversions API

• App Events API

• App Events SDK

Other products within Meta Business Tools may also be covered in the future.

How will these restrictions impact healthcare organizations? 

• Data sources, such as websites and mobile apps, that share data with Meta Business Tools may be categorized by Meta.

• Depending on the categorization, these data sources may be subject to partial or full data sharing restrictions.

• Performance of ad campaigns that rely on restricted data may be impacted.

What types of data sharing restrictions can healthcare marketers expect from Meta? 

At the time of writing, healthcare marketers should familiarize themselves with the following types of restrictions that Meta has announced:

1) Core setup:

Core setup restricts the transmission of the following information within URLs transmitted to Meta:

• Custom parameters – These parameters are created by advertisers and are added to URLs shared with Meta for measuring conversion, event tracking, etc. Custom parameters are used to provide granular information about a visitor’s interaction with your website or app. 

• Anything in the URL following the domain – For example, the URL https://newdayhealth.com/appointment_type=EM may simply become https://newdayhealth.com/

2) Restrictions on certain standard events:

Within Meta Business Tools, standard events are pre-defined actions that allow you to track and measure common actions that users take across your websites and apps. Examples of standard events include: Add payment info, Complete registration, Contact, Search, Schedule, and Donate.

According to Meta, organizations may be restricted from sharing mid and lower funnel events, i.e., events that tend to occur closer to the point of conversion. In the healthcare context, this may refer to events such as Complete registration, Add payment info, Schedule, etc. that occur when a visitor to your website or app ‘converts’ to a potential patient or customer. Upper funnel events such as Search, and Donate are less likely to be restricted. 

3) Full restrictions:

Full restrictions may mean a total ban on organizations sharing data from a specific data source. 

For healthcare organizations, what this means is this: If a data source, such as a website, deals with sensitive medical conditions such as cancer, autism, addiction, etc. you may expect full restrictions on the data you share with Meta from that website. 

Will these restrictions affect ongoing campaigns? 

It is Tealium’s understanding that Meta will not pause ongoing campaigns. However, once you have received a notification about data sharing restrictions from Meta, effectiveness of any new campaigns may be impacted if these campaigns rely on restricted events. 

How will my organization be notified by Meta about these restrictions? 

Tealium believes that you may be notified by Meta in one or more of the following ways: 

• An email from Meta – The email may contain information on whether your organization’s website, app, patient portal, or a different data source has been categorized as sharing sensitive data, specific campaigns/events that were affected, etc.

• Within Meta Events Manager – Advertisers may see notifications at the business, data source, event level, etc. specifying the restrictions in place and the events impacted.

• Within Meta Ads Manager – Advertisers may see notifications on which campaigns are impacted.

Preparing for these restrictions 

Tealium recommends that healthcare organizations do the following to prepare for these restrictions: 

Check for notifications: Check to see if you received an email or in-product notification from Meta about data source categorization, restricted events, impact to ad campaigns, etc.

Manage data source categories: You can manage your data sources by confirming with Meta that they are categorized correctly and requesting a review if you think the categorization is incorrect. This page contains detailed instructions on how to do this. 

Seek legal advice: Speak with your legal counsel to understand the best course of action. Even if you didn’t receive a notification from Meta, if you believe the data you share with Meta might be restricted in the future, your legal counsel might be able to advise you on next steps.

Speak to your Meta client rep: They may be able to provide the most accurate and up-to-date guidance.

Adapting your Data Strategy 

In terms of how to address these restrictions, here are a few strategies to keep in mind: 

Leverage upper funnel events: If you have been heavily reliant on lower funnel standard  events such as Complete registration, Add payment info, and Schedule, consider modifying  your campaign optimization strategy to focus more on upper funnel standard events such as  View content, Search, and Donate.

Adjust your campaign: Consider adjusting your campaign to optimize for objectives such as Awareness, Engagement, and Traffic. By focusing on these objectives, you might be able to decrease the impact of not being able to share certain standard events with Meta Business Tools. This strategy becomes even more relevant if your data source is fully restricted from sharing data with Meta Business Tools. 

Custom Events: Another solution might be to leverage custom events instead of the restricted standard events. You can assign your own unique name when creating a custom event. However, naming custom events to be identical to the restricted standard events may lead to these custom events being restricted as well. It may be a better approach to use custom event names that don’t indicate lower funnel events. For example, instead of using an event name such as ‘book appointment’, consider a generic event name that doesn’t indicate a lower funnel conversion action. If you choose to send custom events to Meta, you need to review these events within Meta Events Manager to either confirm or block individual events. Meta provides detailed instructions on how to review custom events. 

Minimize the use of sensitive parameters: When configuring events to be shared with Meta Business Tools, you may want to minimize the use of potentially sensitive parameters. Instead, use generic parameters. For example, an event parameter such as ‘procedure_name’ may indicate potentially sensitive information about the visitor. Replacing it with something generic such as ‘topic’ may make the parameter less sensitive. Similarly, pay attention to the use of query string parameters when sharing URLs. A URL such as https://hospitalabc.org/appointment?patient_id=16343&treatment=insulin may be subject to restrictions. Instead, removing/obfuscating these parameters, or replacing these with something safe and generic might lower the risk of Meta restricting this data from being shared. 

Setting up attribution tracking outside of Meta: Consider leveraging another solution to track click-throughs from Meta as well as the visitor activity from your own websites and mobile apps. By capturing this data in a compliant data collection and reporting tool, you can glean valuable insights about your target audience without relying on third party vendors. When you have a flexible data solution, you can also transform the data you collect to remove any sensitive elements before sharing it with Meta. 

If you are looking to create a flexible data framework to help with your data collection, analytics, and data transformation efforts, Tealium can help. 

Summary 

Meta’s data sharing restrictions are aimed at data sources, such as websites and mobile apps, that share sensitive user data with Meta Business Tools. Healthcare is one of the major categories impacted. The reasons for these restrictions seem to be growing concerns around privacy regulations, and preventing advertisers from sharing information not allowed under the Meta Business Tools Terms.

Accordingly, healthcare data sources sending data to Meta may be categorized by Meta and subject to data sharing restrictions. At the time of writing, there seem to be three types of restrictions that may impact these data sources: Core setup, Restrictions on certain standard events, and Full restrictions. 

Healthcare organizations may be notified of these restrictions by Meta through email, or through in-product notifications within Meta Events Manager and/or Meta Ads Manager. 

Organizations must check if they received this notification. In addition, organizations may need to manage the data source categories assigned by Meta and either confirm the categorization or request a review.

Organizations may also need to speak with their legal counsel and Meta client rep to understand the best course of action and get the most accurate and up-to-date guidance. 

Strategies such as leveraging upper funnel events, adjusting campaigns to optimize for certain objectives, leveraging custom events, and minimizing the use of sensitive parameters in events and URLs may help address Meta’s data sharing restrictions.