• Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals – essentially traditional hospitals with emergency departments – and their findings were that 96 percent of their websites transmitted user data to third parties.
  • Not all sites had privacy policies and of those that did, only 56% disclosed specific third parties receiving data.
  • Google and Meta (through Facebook Pixel) were on nearly every site and received the most data. Adobe, Verizon, Oracle, Microsoft, Amazon also received data.
  • Common data shared included IP addresses, browser info, pages visited, referring site.
  • Sharing data poses privacy risks for visitors and legal/regulatory risks for hospitals if policies don’t comply with laws.
  • A class action lawsuit against Mass General Brigham and Dana-Farber resulted in an $18.4M settlement over sharing patient data.
  • Researcher calls for hospitals to collaborate with computer science departments to design more private websites. Also recommends privacy tools to block third party tracking.

But in the meantime, and in lieu of any federal data privacy law in the US, protecting personal information falls to the individual. And for that, Friedman recommends browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains. “It impacts your browsing experience almost none,” he explained. “It’s free. And you will be shocked at how much tracking is actually happening, and how much data is actually flowing to third parties.”

Note: Although Friedman recommends Ghostery and Privacy Badger, uBlock Origin is generally considered a better privacy-enhancing browser extension. Additionally, there exist multiple approaches for adblocking and tracker blocking beyond the browser extension model.

    • disguy_ovahea@lemmy.world
      link
      fedilink
      English
      arrow-up
      25
      ·
      7 months ago

      HIPAA prevents providers from sharing your personal medical data. In this case, you are the one sharing the data by using a third-party portal. Best recommendation is to check-in in person, complete ER forms on paper, and avoid using third-party apps/websites for medical care. Provider-hosted secure portals are protected by HIPAA.

  • phoneymouse@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    7 months ago

    This is just a guess, but I would assume the hospitals doing this are unaware. They probably just put Google Analytics and Meta’s SDK on their website, completely oblivious to the fact that that shit vacuums up everything on the page, including text box inputs.

  • SuperSynthia@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    7 months ago

    I feel like this is ripe for abuse. I’m sure insurance companies purchase this data to screw their customers in some wicked way

  • Zerlyna@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    7 months ago

    I’m not a programmer so I could be wrong… Aren’t using the direct medical apps on your phone (Epic, FollowMyHealth, etc) safer than the web?
    Or are they selling that data too?