There's yet another health privacy threat to worry about--health websites--as they share user search terms for advertising purposes, according to an article published online this week in JAMA Internal Medicine.
The business model of patients who use the Internet to search health-related information and in turn, having those websites gather information on them for target advertising makes things complicated, according to the study author Marco Huesch, of the University of Southern California in Los Angeles.
"A patient who searches on a 'free' health-related website for information related to 'herpes' should be able to assume that the inquiry is anonymous," Huesch said. "If not anonymous, the information knowingly or unknowingly disclosed by the patient should not be divulged to others."
However, in an analysis of 20 health-related websites--using publicly available tools such as DoNotTrackMe and Ghostery--Huesch found found that all 20 sites had at least one third-party element, and typically six or seven. Compared to mass media and commercial sites, no tracking elements were found on physician-oriented sites coupled to professional groups.
Social media plug-in buttons tracked users on websites, even if they weren't logged in or didn't "like" anything, according to Huesch. When using the interception tools, Huesch found that searches on websites for three terms were leaked to third-party tracking entities by seven websites--none government-run or physician-oriented, though.
"These things aren't done for free," he told Reuters Health. "The people that invest in this third-party data are sophisticated technology companies. At the end of the day, these tools are being used in ways that are pretty unsavory and creepy."
To learn more:
- read the study in JAMA Internal Medicine (subscription required)
- read the article in Reuters Health
Can patients cherry-pick health information to be exchanged?
Providers: Expect patients to start asserting their privacy rights
EHR users could have trouble with new HIPAA provision
How to mitigate unintended consequences of data exchange