Online Medical Privacy: It’s a Bit of a Myth
Patients searching for health-related information on the Internet, who assume that their activity is anonymous, may find their privacy threatened, said a research letter published in a major medical journal on Monday.
Marco Huesch, a researcher from the University of Southern California, Los Angeles, searched for 'depression,' 'herpes,' and 'cancer' on various health-related websites and reported that the data is being tracked and released to third parties.
The scientist used freeware privacy tools DoNotTrackMe and Ghostery to detect third party entities on the websites he browsed and commercial software called Charles to intercept any transmission of the information he generated to third parties. He tested 20 high-traffic sites, including the webpages of the National Institutes of Health and the Food and Drug Administration as well as WebMD, and showed that all had at least one third-party entity present, and six or seven on average, he reported.
"The leakage of search terms to tracking entities is worrisome," Dr Heusch wrote in the Journal of the American Medical Association, cautioning that the lack of protection of the online search might deter people from using online health information, which has proven to be helpful and empowering. Heusch advises patients to use government websites or those run by professional associations of physicians, which were found to have no tracking elements.
Anonymity was threatened by the visible IP address of the patient's computer or the often unique configuration of the patient's web browser. Confidentiality is threatened by the leakage of information to the third parties through code on websites. In general, the information gathered enhances user's experience and allows targeted advertisements, but the threats to privacy are real and insufficiently addressed in current legislation and regulations, potentially leading to embarrassment or discrimination.
Those findings are another one of a growing number of privacy concerns over digital health information, which operates in a large, vulnerable infrastructure governed by rigorous, industry-specific security regulations. The main worry so far was the security of physician-gathered information, research has shown, are at high risk of an attack, and allow for easy identification of a patient, but online searches were so far considered safe.
This belief might not be surprising given that major online players, like Facebook and Google, already gather and sell user information, and there’s no reason to suspect that medical services, which are free for users, are exempted from the practice.
Facebook, for example, uses its mountain of personal data to help advertisers target ads on its site, but their investors are pressuring the company to look for new ways to ‘monetize’ its personal data, and users don’t seem to oppose this situation.
“We’re accepting more privacy intrusions each day, sometimes because we don’t realize what we’re giving out, other times because we don’t feel we have a choice, other times because the harm of this isolated transaction seems so remote,” says privacy attorney Sarah Downey, who works for personal data security products company Abine
She adds, “Once collected, our data ends up in unexpected—and unwanted—places, and spam emails, inclusion in harmful information databases, and even identity theft can follow.”