Many Health-Related Web Pages Share User Data With Third Parties
February 28, 2015 in News
The majority of health-related Web pages allow third parties to view users’ information, raising privacy concerns for health-related search practices, according to a study published in the journal Communications of the ACM, Time reports.
For the study, University of Pennsylvania doctoral student Timothy Libert analyzed about 80,000 Web pages that appeared in the top 50 Internet search results for 1,986 common medical conditions.
Libert found that:
- 91% of the sites allowed third parties — such as advertisers, data brokers and social networks — to access certain data on individuals viewing the Web page, including users’ IP addresses; and
- 70% of the sites allowed third parties to view the specific “conditions, treatments and diseases” users looked up (Brandeisky, Time, 2/25).
In addition, he found that:
- Google collected data from 78% of the Web pages;
- comScore, a marketing and data analytics firm, collected data from 38% of the Web pages;
- Facebook collected data from 31% of the sites (University of Pennsylvania release, 2/20); and
- Experian, a data broker and credit bureau, collected data form 5% of the sites.
Libert said the findings raise two major concerns:
- Third parties could link individuals with their medical search history; and
- Advertisers could use the information to target individuals with advertisements based on their searchers.
In addition, Libert said that third parties could still access the information even if users were using private browsing features or deleted cookies. He said that some Web browser extensions, such as Adblock Plus or Ghostery, do not prevent third parties from viewing all such information, “but they catch a lot” (Time, 2/25).
Libert noted that HIPAA does not apply to business practices of the third parties accessing the information, meaning data on health-related searches potentially are being collected by entities not subject to oversight. He added that in such circumstances, data “can be inadvertently misused, sold or even stolen.” Libert concluded, “Clearly there is a need for discussion with respect to legislation, policies and oversight to address health privacy in the age of the Internet” (University of Pennsylvania release, 2/20).