Caveat Online Health Information Emptor?

Patients who search on free health-related websites for information related to a medical condition may have the health information they provide leaked to third party tracking entities through code on those websites, according to a research letter by Marco D. Huesch, M.B.B.S., Ph.D., of the University of Southern California, Los Angeles.

The research letter was recently published in JAMA Internal Medicine entitled “Privacy Threats When Seeking Online Health Information” and looked at how 20 health-related websites track visitors, ranging from the sites of the National Institutes of Health to the health news section of The New York Times online. Thirteen of the sites had at least one potentially worrisome tracker, according to the analysis performed by Dr. Huesch.

He also found evidence that health search terms he tried — herpes, cancer and depression — were shared by seven sites with outside companies. According to the paper:

“A patient who searches on a “free” health-related website for information related to “herpes” should be able to assume that the inquiry is anonymous. If not anonymous, the information knowingly or unknowingly disclosed by the patient should not be divulged to others.
Unfortunately, neither assumption may be true. Anonymity is threatened by the visible Internet address of the patient’s computer or the often unique configuration of the patient’s web browser. Confidentiality is threatened by the leakage of information to third parties through code on websites (eg, iframes, conversion pixels, social media plug-ins) or implanted on patients’ computers (eg, cookies, beacons).”

Dr. Huesch says that he was inspired to investigate this area by the archive of coverage on the topic by The Wall Street Journal on how the technology and market for your online information work. The most recent piece in this series is on Facebook privacy settings and some of the risks associated with “Graph Search.” This entire series is very good and worth the read.

The research paper states:

“My findings suggest that patients and physicians who are concerned about the privacy of information about their health-related searches may prefer to search through government websites or those of professional societies. Alternatively, individuals can use privacy tools that are available free of charge when searching and browsing online. Examples are DoNotTrackMe and Ghostery. Use of these tools created some inconveniences but generally did not affect the functionality of the websites I examined.”

The tool Dr. Huesch used for his research Ghostery has been noted to have some problems however. The MIT Technology Review posted an article last month which points out that Ghostery is owned by a company that uses the data it collects from its users to help advertisers target their ads better. It seems that few of those who advocate Ghostery, including Dr. Huesch, as a way to avoid the online ad industry realize that the company behind it, Evidon, is in fact part of that industry. Evidon helps companies that want to improve their use of tracking code by selling them data collected from the 8 million Ghostery users who have enabled the tool’s data sharing feature.

The paper states:

“Many third parties use the information they collect only to target advertising (eg, DoubleClick). However, nearly 300 third parties use the information to track consumers, delivering advertising related more directly to the user’s known or inferred interests, demographics, and prior online behavior.
These weaknesses in privacy practices have been detailed in the news media. The Federal Trade Commission has called for consumer privacy legislation. Online privacy guidelines for searches on health topics have been published. 6 But privacy threats are poorly understood because of the technical nature of online data collection and aggregation.”

The paper does not suggest any direct damage from the tracking but does note the potential: “The ramifications could span embarrassment, discrimination in the labor market, or the deliberate decision by marketers not to offer or advertise particular goods and services to an individual, based solely on the companies’ privately gathered knowledge.”

Tracking of Searches at 20 Health-Related Websites

The paper concludes that “failure to address these concerns may diminish trust in health-related websites and reduce the willingness of some people to access health-related information online. Until strong consumer privacy legislation is enacted, individuals should take care how much trust they place in their anonymity and the confidentiality of their information when online.”

Brian Ahier blogs at Healthcare, Technology & Government 2.0 where this post first appeared.

Livongo’s Post Ad Banner 728*90

Leave a Reply

7 Comment threads
4 Thread replies
Most reacted comment
Hottest comment thread
7 Comment authors
reverse phone lookup cell freeMargalit Gur-ArieLeonard KishShreyaMarco D. Huesch Recent comment authors
newest oldest most voted
reverse phone lookup cell free

reverse phone lookup reviews Together with every
thing which seems to be developing within this specific subject
matter, your points of view tend to be fairly stimulating.
Nevertheless, I appologize, because I can not subscribe
to your entire idea, all be it radical none the less.

It appears to us that your remarks are actually not entirely justified
and in reality you are generally your self not really thoroughly confident of the point.
In any event I did appreciate examining it. reverse phone lookup cell

Leonard Kish

Here’s my post from a couple of years ago. What would this mean for health information?

Explorers on Seas of Information:

Leonard Kish

Brian, prescient piece.

I started using DoNotTrack me after I started getting medical-related ads. This is one of the most important topics of our time, as important as property rights. In fact, maybe we should start referring to it as such PIP: Personal Information Property.

Margalit Gur-Arie

I am absolutely and completely thrilled that you said this, Leonard!
It is a form of property and this is something that was contemplated by legal luminaries a long long time ago. Here is my lesser luminary opinion from a year ago, when a heated argument ensued on this blog 🙂

Leonard Kish

Thanks, Margalit. Yours is a great piece. Love the Stevens quote, ““[t]he right to collect and use such data for public purposes is typically accompanied by a concomitant statutory or regulatory duty to avoid unwarranted disclosures”” I wrote about this in an old blog that was on Posterous, but I haven’t reposted, need to put up a new wordpress blog of my old stuff. I can post on G+ if you’re interested. Anyways, one of the more enlightening books I’ve read is by Hernando de Soto called The Mystery of Capital: Describing how the West’s property systems lead to… Read more »

Margalit Gur-Arie

It is a fascinating subject, and I would love to read that piece you wrote. I’ll give de Soto a whirl as well…


Hi Brian, nice blog shared above. Thanks for sharing this information about free health related websites. Really great job done. Awaiting for more posts like this.

Marco D. Huesch
Marco D. Huesch

Not at all that I’m carrying water for, but just wanted to clarify the point about their biz model. It’s my sense that the developers of Ghostery, a product that I use and recommend for free, are pretty up front about their biz model which is sort of an inverse of ‘freemium’. That is, you can voluntarily opt-in to a slightly less desirable version of the product for no clear benefits to you but which helps the company stay afloat. (Maybe we can call this biz model ‘altruistium’?) It’s my understanding that only if you explictly opt-in to GhostRank,… Read more »

Margalit Gur-Arie

I’d have to read more, but my initial reaction to a tool that states in huge font on its home page that “Tracking helps the digital marketplace work better.” , is to look for someone that thinks a bit differently about tracking. Maybe it’s just me, but the term “trust” is not something I am prepared to use in this context. Not anymore….

Brian Ahier

As Margailt said:

“When you search online, you are not a “patient”. You are a potential buyer. It’s no different than searching for power drills. They’ll collect it, slice it, dice it and sell it. All of them, government agencies included.”


Here you go, we can all get rich playing “Data Dealer” the stinky process has been gamified…”learn how to break in to data bases, start companies with online ventures, the buyers cone knocking, learn how to sell your profile to an insurance company”…well I hope this educates and gets some real attention as we do need to license and excise tax the data sellers making billions, banks and all of them. What this really does is point the finger at the FTC and other agencies on their inability to protect privacy and make data selling accountable as the errors and… Read more »