When we think about privacy in hospitals and healthcare, stringent HIPAA laws immediately come to mind, designed to safeguard patient information within clinical settings. However, a startling revelation from researchers at the University of Pennsylvania points to a significant oversight: the vast majority of U.S. hospital websites are not as protective as one might expect.
A recent study by the university has uncovered that an overwhelming 96% of non-federal acute care hospital websites (characterized by having an emergency room) are transmitting user information to third parties.
These findings are concerning, considering these websites often serve as the first point of contact for many seeking medical help or advice.
Hospital: A Deep Dive Into Disturbing Practices
The investigation, which analyzed 100 hospital websites across the country, highlighted not just the prevalence of data sharing but also the opacity surrounding these practices. Remarkably, only 71% of these sites had easily accessible privacy policies.
Among these, barely over half disclosed that third-party entities might receive user data.
"98% of 3,747 hospitals surveyed admitted transferring website user data to data brokers, advertising firms & social media companies for targeted ads" #PrivacyMatters https://t.co/kFH6iRysoQ
— Drew Mingl 🏛💻📊🏜️ (@drewmingl) April 14, 2024
Assistant Professor of Emergency Medicine Ari Friedman, involved in the study, expressed his astonishment at the results: “The findings are incomprehensible. It’s not surprising, though, given the financial incentives.”
Last year, a similar probe into 3,747 healthcare websites found that nearly 98.6% engaged in tracking and transferring user data to various third parties, including data brokers and advertising firms.
The Usual Suspects: Big Tech’s Involvement
The study utilized an open-source tool called webXray to detect third-party HTTPS requests and identify the companies receiving the data.
The results were telling: Google appeared on nearly every hospital page examined, Meta on more than half, while Adobe, Amazon, Microsoft, Oracle, and Verizon were also implicated in receiving data from 20 to 30 percent of sites.
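The kind of check described above can be sketched in a few lines of Python. This is an added example, not webXray's code and not taken from the study: it flags requests that leave the page's own site and groups them by receiving company. The owner map, hostnames and request list are constructed samples, and the two-label site rule is a simplifying assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Hand-written sample owner map (assumption: a real audit would use a
# maintained domain-ownership database instead).
DOMAIN_OWNERS = {
    "google-analytics.com": "Google",
    "googletagmanager.com": "Google",
    "doubleclick.net": "Google",
    "facebook.net": "Meta",
}


def site_of(url):
    """Approximate the registrable domain as the last two host labels."""
    # Simplification: production code should consult the Public Suffix List
    # so that hosts such as example.co.uk are grouped correctly.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def third_party_report(page_url, request_urls):
    """Map each receiving owner to the third-party sites that were contacted."""
    first_party = site_of(page_url)
    report = defaultdict(set)
    for url in request_urls:
        if urlsplit(url).scheme not in ("http", "https"):
            continue  # inline data: or blob: resources never leave the browser
        site = site_of(url)
        if site and site != first_party:
            report[DOMAIN_OWNERS.get(site, "unknown")].add(site)
    return {owner: sorted(sites) for owner, sites in report.items()}


# Constructed sample: requests a browser might log while loading one page.
SAMPLE_PAGE = "https://www.hospital.example/emergency-care"
SAMPLE_REQUESTS = [
    "https://cdn.hospital.example/logo.png",  # same site, different subdomain
    "https://www.googletagmanager.com/gtm.js?id=GTM-XXXX",
    "https://www.google-analytics.com/collect?v=1&dl=%2Femergency-care",
    "https://connect.facebook.net/en_US/fbevents.js",
    "https://tracker.adnetwork.example/pixel.gif",
    "data:image/gif;base64,R0lGODlhAQABAAAAACw=",
]

if __name__ == "__main__":
    print(third_party_report(SAMPLE_PAGE, SAMPLE_REQUESTS))
```

A site operator can feed the function the request URLs exported from a browser's network log to see which outside parties a given page contacts.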
The Consumer’s Role in Data Privacy
In the absence of stringent federal data privacy laws, the onus increasingly falls on consumers to protect their online data.
While hospitals might focus on direct patient care aspects, their online platforms—which include appointment booking systems, patient portals, and information repositories—remain vulnerable to breaches and misuse.