Health-related websites sometimes pass on information collected from visitors to their sites to third-party advertising and marketing companies, according to a small study published this week in the journal JAMA Internal Medicine.
“A patient who searches on a ‘free’ health-related website for information related to ‘herpes’ should be able to assume that the inquiry is anonymous,” writes Marco Huesch, the author of the study and an assistant professor of health policy at the University of Southern California. “If not anonymous, the information knowingly or unknowingly disclosed by the patient should not be divulged to others. Unfortunately, neither assumption may be true.”
Huesch worries that the data “leaked” to third parties could be used in combination with tracking and other information obtained from other websites (such as Facebook) to create highly revealing profiles of individual users.
“In theory, someone could build up a very powerful document with all of your medical conditions, the drugs you’re taking, where you work, who your relatives are, where you live, and other personal information,” Huesch told a reporter for the tech website The Verge.
Heusch makes clear in his write-up of his study, however, that he has no evidence that any company is misusing the information, much less compiling such profiles.
Most sites leaked data
For his study, Huesch selected 20 popular health-related sites. They included government sites (such as the National Institutes of Health and the Centers for Disease Control and Prevention), medical-journal-related sites (New England Journal of Medicine and JAMA), media-related sites (the health sections of Fox News and the New York Times), and other commercial sites (Weight Watchers and WebMD). The Mayo Clinic website was also included.
Using software that detects whether search information is being passed on to third parties, Huesch randomly examined 10 pages on each site, looking for information related to three topics: herpes, cancer and depression. He found that 13 of the 20 sites had a potentially troublesome tracker function. And seven of the sites (Britain’s National Health Service, MedicalNewsDaily/Mdlinx, Drugs.com, Men’s Health, Health.com, Fox News, and the New York Times) shared his three search terms with outside companies.
No leaking occurred when he browsed U.S. government-run sites or most of the physician-run sites (including the Mayo Clinic’s site).
Need for clear regulations
Heusch says he is not against websites collecting user information. Such tracking can, after all, enhance the browsing experience. But he says the government needs to do a better job of establishing laws and regulations regarding the use of the information by third parties.
“Security concerns about health care information have traditionally revolved around the loss or theft of patient information from health care provider health records or the misuse of information by health care providers,” he writes. “Yet much health-related information is not stored in electronic health records, but generated in private health-related searches.”
Huesch also worries that if these privacy issues are not addressed, individuals may stop seeking valuable health information online.
Still, it is possible to seek out information on the web and protect your privacy, says Huesch.
“My findings suggest,” he concludes, “that patients and physicians who are concerned about the privacy of information about their health-related searches may prefer to search through government websites or those of professional societies.”
Footnote: If you want to find out which websites are sending your information on to third parties, try the free software program Ghostery.