Health Websites Are Sharing Sensitive Medical Data with Google, Facebook, and Amazon

Popular health websites are sharing private, personal medical data with big tech companies, according to an investigation by the Financial Times. From a report: The data, including medical diagnoses, symptoms, prescriptions, and menstrual and fertility information, are being sold to companies like Google, Amazon, Facebook, and Oracle and smaller data brokers and advertising technology firms, like Scorecard and OpenX. The FT analyzed 100 health websites, including WebMD, Healthline, health insurance group Bupa, and parenting site Babycentre, and found that 79% of them dropped cookies on visitors, allowing them to be tracked by third-party companies around the internet. This was done without consent, making the practice illegal under European Union regulations. By far the most common destination for the data was Google's advertising arm DoubleClick, which showed up in 78% of the sites the FT tested.

choice

[Dale512]

Hopefully the site I'm required to give health info to for insurance purposes isn't turning around and selling the data. I suppose technically/legally they are offering the choice to do it. If you don't the prices are double, but hey, choice!

Re:

[Slick_W1lly]

They almost certainly are.

Take for instance WebMD - that fount of all things medically sound and a comfort ( or not) for looking up 'My nose hurts, Have I got Ebola?"
My insurance 'required' me to talk to these folks. For some $'s off my health insurance I got to take blood tests, and fitness tests, talk to some 'health coach' nutjob who sympathetically tells me I need to walk more and eat less meat.

It's all utter bollocks. In their yearly screenings, I magically turn from a fitness fanatic who walks miles p

Re: choice

[bogie]

Who is you health insurance provider that forced this on you?

Re:

[Impy the Impiuos Imp]

Google and other web sites bucketize your virtual persona IP address into many things, including what medical things you search for, then feed ads for that and statistically related things to any web site willing to pay for their advertising.

I assume there's a way for web sites to feed Google links to pages you visit + your IP and Google AI does the rest for more bucketation, for more money, making a mockery of https.

Re:

[rtb61]

Countries are having real problems chasing due taxes out of tax cheating corporations like Google, so instead they a fining the fuck out of the likes of Google to get that tax money for all sorts or privacy laws that Google EVIL Corp regularly breaks.

Re:

[Travelsonic]

Being in a TOS =/= automatically being either something one will understand, seeing how convoluted they can make things, nor ethical.

Re: Tough

[OrangeTide]

In a democratic society we're free to demand that certain abused conditions cannot be part of a contract or terms-of-service agreements.

The point of raising the issue is to inform the public and move for open debate and ultimately change.

It's not productive to throw our collective hands up saying: thoses are the rules, learn to live with it. And if you complain then you hate our system, country, and way of life. (e.g. GTFO)

Re:

[thomn8r]

In a democratic society we're free to demand that certain abused conditions cannot be part of a contract or terms-of-service agreements.

That's the funniest thing I've read all day!

Re:

[OrangeTide]

That's the funniest thing I've read all day!

Pity.

Not news

[mschaffer]

This is not news.

I'm more curious...

[skam240]

I'm more curious as to the piracy rate of The Mandalorian. I know I would certainly never ever pirate media but several friends of mine have said they don't have the patience for new entries to the streaming market and will be pirating everything that comes up that isn't on their 2-3 subscriptions they currently have.

Re:

[skam240]

fuck, wrong article

Re:

[Impy the Impiuos Imp]

Ha ha. You will waste precious heartbeats watching that fanboi spew.

Re:

[skam240]

Fanboy? I'm speculating on piracy rates of Disney+'s biggest draw versus new subscriptions. What exactly am I being a fanboy of? The non fragmentation of the streaming market? If so, gosh, sick burn bro!

HIPPA

[gabrieltss]

If ANY of your information contains Personal Health Information (PHI) and/or Personal Identifiable Information (PII) - they CAN NOT lend, rent, or sell that information without you consenting to it. If they do they are VIOLATING HIPPA Laws - PERIOD!
I worked building web portals for a major Health Insurance company and work with Work Comp stuff now. So I KNOW HIPPA very well.

Re:

[currently_awake]

And the terms of service grant them the right to use your data. Or the 20 page insurance contract written in 5 point font grants that right. It's not voluntary if everyone has the same onerous terms and you can't live without it.

Re:

[gabrieltss]

Actually no. You have to sign a very specific form and specifically specify who you are granting consent to have access to your information under HIPPA rules/laws. They CAN NOT use a "terms of service".

Re:

[Slick_W1lly]

>So I KNOW HIPPA very well.

Not certain you do, actually.

While I profess that I'm NOT an expert in HPPA rules and regulations I *do* have to take those tests yearly as 'a data privacy' thing.
I'm certain that medical data 'can be transferred to parties who 'need to know it'. Like, for instance from your doctor to your hospital, or your doctor to your HMO - *without* your permission.

Depending on exactly how Google has positioned themselves, they're likely to have inserted themselves into one of those entiti

Re:

[OolimPhon]

And you didn't notice that the article is about UK websites?

Sorry, no HIPPA here. Mind you, GDPR may apply instead.

UK NHS

[VeryFluffyBunny]

The UK has a national health service (NHS) which, BTW, is not the same thing as single-payer health insurance that US political rhetoric seems to be so allergic to (Canada has single-payer & a semi-privatised healthcare system & it's not as good as the UK NHS, e.g. fewer services, more co-pays, & more expensive drugs). An NHS means that everyone gets treated by the same service & medical staff who are employed, with few exceptions, by the UK govt.. Hospitals, doctors, nurses, surgeons, physios, etc., are govt. employees & therefore democratically accountable. For the NHS to give patient info to a tech company, e.g. Google, is not only illegal, but comes under public scrutiny, e.g. https://www.telegraph.co.uk/te... [telegraph.co.uk] Try getting this level of transparency & accountability with a private healthcare system.

What the FT article is saying is that private health info websites sell advertising & so collect visitors' web browsing data.

The UK NHS has its own health info service which doesn't sell advertising: https://www.nhs.uk/ [www.nhs.uk]

Re:

[GerryHattrick]

Some of those mentioned would be horrified to think that their clients were exposed, so they ought to be sensitive that cookies can be scraped. Even so, 'I' should have the option of putting my medical data, DNA, or whatever into a system I trust, and even allowing aggregation of that with others'. 20 years from now, something like that will be 'normal'. Experts should stop telling us what's naughty, and start working out what's possible.