Caveat Online Health Information Emptor?

Patients who search on free health-related websites for information related to a medical condition may have the health information they provide leaked to third party tracking entities through code on those websites, according to a research letter by Marco D. Huesch, M.B.B.S., Ph.D., of the University of Southern California, Los Angeles.

The research letter was recently published in JAMA Internal Medicine entitled “Privacy Threats When Seeking Online Health Information” and looked at how 20 health-related websites track visitors, ranging from the sites of the National Institutes of Health to the health news section of The New York Times online. Thirteen of the sites had at least one potentially worrisome tracker, according to the analysis performed by Dr. Huesch.

He also found evidence that health search terms he tried — herpes, cancer and depression — were shared by seven sites with outside companies. According to the paper:

“A patient who searches on a “free” health-related website for information related to “herpes” should be able to assume that the inquiry is anonymous. If not anonymous, the information knowingly or unknowingly disclosed by the patient should not be divulged to others.
Unfortunately, neither assumption may be true. Anonymity is threatened by the visible Internet address of the patient’s computer or the often unique configuration of the patient’s web browser. Confidentiality is threatened by the leakage of information to third parties through code on websites (eg, iframes, conversion pixels, social media plug-ins) or implanted on patients’ computers (eg, cookies, beacons).”

Dr. Huesch says that he was inspired to investigate this area by the archive of coverage on the topic by The Wall Street Journal on how the technology and market for your online information work. The most recent piece in this series is on Facebook privacy settings and some of the risks associated with “Graph Search.” This entire series is very good and worth the read.

The research paper states:

“My findings suggest that patients and physicians who are concerned about the privacy of information about their health-related searches may prefer to search through government websites or those of professional societies. Alternatively, individuals can use privacy tools that are available free of charge when searching and browsing online. Examples are DoNotTrackMe and Ghostery. Use of these tools created some inconveniences but generally did not affect the functionality of the websites I examined.”

The tool Dr. Huesch used for his research Ghostery has been noted to have some problems however. The MIT Technology Review posted an article last month which points out that Ghostery is owned by a company that uses the data it collects from its users to help advertisers target their ads better. It seems that few of those who advocate Ghostery, including Dr. Huesch, as a way to avoid the online ad industry realize that the company behind it, Evidon, is in fact part of that industry. Evidon helps companies that want to improve their use of tracking code by selling them data collected from the 8 million Ghostery users who have enabled the tool’s data sharing feature.

The paper states:

“Many third parties use the information they collect only to target advertising (eg, DoubleClick). However, nearly 300 third parties use the information to track consumers, delivering advertising related more directly to the user’s known or inferred interests, demographics, and prior online behavior.
These weaknesses in privacy practices have been detailed in the news media. The Federal Trade Commission has called for consumer privacy legislation. Online privacy guidelines for searches on health topics have been published. 6 But privacy threats are poorly understood because of the technical nature of online data collection and aggregation.”

The paper does not suggest any direct damage from the tracking but does note the potential: “The ramifications could span embarrassment, discrimination in the labor market, or the deliberate decision by marketers not to offer or advertise particular goods and services to an individual, based solely on the companies’ privately gathered knowledge.”

Tracking of Searches at 20 Health-Related Websites

The paper concludes that “failure to address these concerns may diminish trust in health-related websites and reduce the willingness of some people to access health-related information online. Until strong consumer privacy legislation is enacted, individuals should take care how much trust they place in their anonymity and the confidentiality of their information when online.”

Brian Ahier blogs at Healthcare, Technology & Government 2.0 where this post first appeared.

11 replies »

  1. reverse phone lookup reviews Together with every
    thing which seems to be developing within this specific subject
    matter, your points of view tend to be fairly stimulating.
    Nevertheless, I appologize, because I can not subscribe
    to your entire idea, all be it radical none the less.

    It appears to us that your remarks are actually not entirely justified
    and in reality you are generally your self not really thoroughly confident of the point.
    In any event I did appreciate examining it. reverse phone lookup cell

  2. Thanks, Margalit.

    Yours is a great piece. Love the Stevens quote, ““[t]he right to collect and use such data for public purposes is typically accompanied by a concomitant statutory or regulatory duty to avoid unwarranted disclosures””

    I wrote about this in an old blog that was on Posterous, but I haven’t reposted, need to put up a new wordpress blog of my old stuff. I can post on G+ if you’re interested.

    Anyways, one of the more enlightening books I’ve read is by Hernando de Soto called The Mystery of Capital: http://www.amazon.com/The-Mystery-Capital-Capitalism-Everywhere/dp/0465016154

    Describing how the West’s property systems lead to unprecedented prosperity when compared to many developing countries.

    I have some misgivings about the value of intellectual property, but personal information seems different. It’s not creative, and like real estate, it’s a limited resource. Still, it grows in value the more it’s shared and recombined. Much like drilling in my back yard, I’d like to be able to license my data, and ensure I get some sort of an option on it, because the value will grow.

    I’d like the opportunity to donate or share in the value creation of my data, and at the very least I sure want to know what’s happening with it, what value it’s creating, and for whom.

    I’ve been pondering this stuff for more than a decade since I met Juan Enriquez, about how metalayers become more valuable than the layers they describe. The digital iSelves that describe us is one example, but there are several more in biology and other complex systems. Need to do a series on it.

  3. I’d have to read more, but my initial reaction to a tool that states in huge font on its home page that “Tracking helps the digital marketplace work better.” , is to look for someone that thinks a bit differently about tracking. Maybe it’s just me, but the term “trust” is not something I am prepared to use in this context. Not anymore….

  4. Brian, prescient piece.

    I started using DoNotTrack me after I started getting medical-related ads. This is one of the most important topics of our time, as important as property rights. In fact, maybe we should start referring to it as such PIP: Personal Information Property.

  5. Hi Brian, nice blog shared above. Thanks for sharing this information about free health related websites. Really great job done. Awaiting for more posts like this.

  6. Not at all that I’m carrying water for Evidon.com, but just wanted to clarify the point about their biz model.

    It’s my sense that the developers of Ghostery, a product that I use and recommend for free, are pretty up front about their biz model which is sort of an inverse of ‘freemium’. That is, you can voluntarily opt-in to a slightly less desirable version of the product for no clear benefits to you but which helps the company stay afloat. (Maybe we can call this biz model ‘altruistium’?)

    It’s my understanding that only if you explictly opt-in to GhostRank, then Evidon collects anonymous data on trackers you encounter and where these are on what sites. That is aggregated and sold on to their clients as valuable biz intelligence on what sites are doing in terms of tracking (as opposed to valuable intelligence on what users are doing in terms of activity).

    If you don’t opt-in to GhostRank, you can still receive all the benefits of Ghostery. I haven’t opted-in, and so I trust that Evidon is not collecting data on my web activity.

    Pls see ghostery.com/faq for the details.


  7. Here you go, we can all get rich playing “Data Dealer” the stinky process has been gamified…”learn how to break in to data bases, start companies with online ventures, the buyers cone knocking, learn how to sell your profile to an insurance company”…well I hope this educates and gets some real attention as we do need to license and excise tax the data sellers making billions, banks and all of them. What this really does is point the finger at the FTC and other agencies on their inability to protect privacy and make data selling accountable as the errors and flaws are growing all the time.

    This in another way is a hoot with taking on insurers with all their gamification efforts too:) We license brokers, real estate agents, doctors and so on…this process needs regulation and makes billions.