96% of US Hospital Websites Share Visitor Data with Google, Meta, Data Brokers, and Other Third Parties, Study Finds

Submitted ⁨⁨5⁩ ⁨weeks⁩ ago⁩ by ⁨ForgottenFlux@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://www.theregister.com/2024/04/11/hospital_website_data_sharing/

Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals – essentially traditional hospitals with emergency departments – and their findings were that 96 percent of their websites transmitted user data to third parties.
Not all sites had privacy policies and of those that did, only 56% disclosed specific third parties receiving data.
Google and Meta (through Facebook Pixel) were on nearly every site and received the most data. Adobe, Verizon, Oracle, Microsoft, Amazon also received data.
Common data shared included IP addresses, browser info, pages visited, referring site.
Sharing data poses privacy risks for visitors and legal/regulatory risks for hospitals if policies don’t comply with laws.
A class action lawsuit against Mass General Brigham and Dana-Farber resulted in an $18.4M settlement over sharing patient data.
Researcher calls for hospitals to collaborate with computer science departments to design more private websites. Also recommends privacy tools to block third party tracking.

But in the meantime, and in lieu of any federal data privacy law in the US, protecting personal information falls to the individual. And for that, Friedman recommends browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains. “It impacts your browsing experience almost none,” he explained. “It’s free. And you will be shocked at how much tracking is actually happening, and how much data is actually flowing to third parties.”

Note: Although Friedman recommends Ghostery and Privacy Badger, uBlock Origin is generally considered a better privacy-enhancing browser extension. Additionally, there exist multiple approaches for adblocking and tracker blocking beyond the browser extension model.

source

Comments

Sort:hotnew top

phoneymouse@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
This is just a guess, but I would assume the hospitals doing this are unaware. They probably just put Google Analytics and Meta’s SDK on their website, completely oblivious to the fact that that shit vacuums up everything on the page, including text box inputs.

source
- space@lemmy.dbzer0.com ⁨5⁩ ⁨weeks⁩ ago
  The bad part is that even if you block everything on the client side with ad/tracker blocking extensions, there’s nothing stopping them from collecting data on the server side.
  
  source
  - disguy_ovahea@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
    That would be a violation of HIPAA.
    
    source
    -> View More Comments
  - CrayonRosary@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
    Please explain. How can google, Facebook, and such get data out of a hospital web server directly? That would be hacking.
    
    source
    -> View More Comments
vortexal@sopuli.xyz ⁨5⁩ ⁨weeks⁩ ago
Doesn’t this violate HIPAA, or does HIPAA not cover this?

source
- disguy_ovahea@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
  HIPAA prevents providers from sharing your personal medical data. In this case, you are the one sharing the data by using a third-party portal. Best recommendation is to check-in in person, complete ER forms on paper, and avoid using third-party apps/websites for medical care. Provider-hosted secure portals are protected by HIPAA.
  
  source
  - paraphrand@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
    That’s a huge loophole.
    
    Fuck this country. 😬
    
    source
    -> View More Comments
lemmyreader@lemmy.ml ⁨5⁩ ⁨weeks⁩ ago
I remember years ago my friends told me Ghostery did some shady business. Sadly it is difficult to find any useful information about this, between the lots of ads and pop ups (Where have all the blog posts gone ?), but here is something : en.wikipedia.org/wiki/Ghostery#Criticism

source
reddig33@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
Welcome to for-profit healthcare.

source
sharkfucker420@lemmy.ml ⁨5⁩ ⁨weeks⁩ ago
Reading this while in an urgent care lmao

source
- paraphrand@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
  Feel better.
  
  source
  - sharkfucker420@lemmy.ml ⁨5⁩ ⁨weeks⁩ ago
    Just a sprain :P I should get over it fast. Thank you though :)
    
    source
- Blue_Morpho@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
  I bet they made you use a website or app to check in. And that website wasn’t created by the Urgent Care. So everything you entered isn’t protected by HIPPA.
  
  source
  - sharkfucker420@lemmy.ml ⁨5⁩ ⁨weeks⁩ ago
    They did and probably 😔
    
    source
SuperSynthia@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
I feel like this is ripe for abuse. I’m sure insurance companies purchase this data to screw their customers in some wicked way

source
Zerlyna@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
I’m not a programmer so I could be wrong… Aren’t using the direct medical apps on your phone (Epic, FollowMyHealth, etc) safer than the web?
Or are they selling that data too?

source
- Lodra@programming.dev ⁨5⁩ ⁨weeks⁩ ago
  At first, I found this funny. Then I realized how scary, sad, etc. the reality is.
  
  Companies typically prefer users to use a native app for two reasons. First, the software is sometimes easier to build. Second, they are capable of scraping a vastly larger and more valuable set of data from the user.
  
  Browsers can hit many differs sites, many of which are dangerous. Thus, web browsers have to be as secure as possible to protect users from malicious sites. This includes Facebook, TikTok, every medical site you’ve ever logged into, etc.
  
  I know a lot about software. Personally, I view every installed app as a means of attacking my privacy. If you have the choice and your experience isn’t diminished, use a web browser instead of a native app.
  
  source
  - Zerlyna@lemmy.world ⁨5⁩ ⁨weeks⁩ ago
    That is definitely some scary shit, thank you. That also piggybacks onto another thought I had, my partner insists on google chrome for everything. (He is a pc and android user). I stay away from google anything and would think because he SAYS he cares about what’s collected, he admits he isn’t a techie, but then doesn’t want to hear it from me when I say use something Mozilla based and ublock. But nothing is safe anymore. I do use voyager. :)
    
    source
    -> View More Comments
twig@lemmy.dbzer0.com ⁨5⁩ ⁨weeks⁩ ago
This is called “enumerating badness” and the findings here are both probably not that meaningful and based on a lot of assumptions.

I am curious to see what data is being transmitted, but not a lot is actually revealed by this

source
- witheyeandclaw@lemmy.sdf.org ⁨5⁩ ⁨weeks⁩ ago
  “Common data shared included IP addresses, browser info, pages visited, referring site.”
  
  source
  - wagesj45@kbin.run ⁨5⁩ ⁨weeks⁩ ago
    So enough to cross reference with a bazillion other data-brokers online and absolutely pinpoint most people.
    
    source