96% of US Hospital Websites Share Visitor Info With Meta, Google, Data Brokers (theregister.com) 21
An anonymous reader quotes a report from The Guardian: Hospitals -- despite being places where people implicitly expect to have their personal details kept private -- frequently use tracking technologies on their websites to share user information with Google, Meta, data brokers, and other third parties, according to research published today. Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals -- essentially traditional hospitals with emergency departments -- and their findings were that 96 percent of their websites transmitted user data to third parties. Additionally, not all of these websites even had a privacy policy. And of the 71 percent that did, 56 percent disclosed specific third-party companies that could receive user information.
The researchers' latest work builds on a study they published a year ago of 3,747 US non-federal hospital websites. That found 98.6 percent tracked and transferred visitors' data to large tech and social media companies, advertising firms, and data brokers. To find the trackers on websites, the team checked out each hospitals' homepage on January 26 using webXray, an open source tool that detects third-party HTTP requests and matches them to the organizations receiving the data. They also recorded the number of third-party cookies per page. One name in particular stood out, in terms of who was receiving website visitors' information. "In every study we've done, in any part of the health system, Google, whose parent company is Alphabet, is on nearly every page, including hospitals," [Dr Ari Friedman, an assistant professor of emergency medicine at the University of Pennsylvania] observed. "From there, it declines," he continued. "Meta was on a little over half of hospital webpages, and the Meta Pixel is notable because it seems to be one of the grabbier entities out there in terms of tracking."
Both Meta and Google's tracking technologies have been the subject of criminal complaints and lawsuits over the years -- as have some healthcare companies that shared data with these and other advertisers. In addition, between 20 and 30 percent of the hospitals share data with Adobe, Friedman noted. "Everybody knows Adobe for PDFs. My understanding is they also have a tracking division within their ad division." Others include telecom and digital marketing companies like The Trade Desk and Verizon, plus tech giants Oracle, Microsoft, and Amazon, according to Friedman. Then there's also analytics firms including Hotjar and data brokers such as Acxiom. "And two thirds of hospital websites had some kind of data transfer to a third-party domain that we couldn't even identify," he added. Of the 71 hospital website privacy policies that the team found, 69 addressed the types of user information that was collected. The most common were IP addresses (80 percent), web browser name and version (75 percent), pages visited on the website (73 percent), and the website from which the user arrived (73 percent). Only 56 percent of these policies identified the third-party companies receiving user information. In lieu of any federal data privacy law in the U.S., Friedman recommends users protect their personal information via the browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains.
The researchers' latest work builds on a study they published a year ago of 3,747 US non-federal hospital websites. That found 98.6 percent tracked and transferred visitors' data to large tech and social media companies, advertising firms, and data brokers. To find the trackers on websites, the team checked out each hospitals' homepage on January 26 using webXray, an open source tool that detects third-party HTTP requests and matches them to the organizations receiving the data. They also recorded the number of third-party cookies per page. One name in particular stood out, in terms of who was receiving website visitors' information. "In every study we've done, in any part of the health system, Google, whose parent company is Alphabet, is on nearly every page, including hospitals," [Dr Ari Friedman, an assistant professor of emergency medicine at the University of Pennsylvania] observed. "From there, it declines," he continued. "Meta was on a little over half of hospital webpages, and the Meta Pixel is notable because it seems to be one of the grabbier entities out there in terms of tracking."
Both Meta and Google's tracking technologies have been the subject of criminal complaints and lawsuits over the years -- as have some healthcare companies that shared data with these and other advertisers. In addition, between 20 and 30 percent of the hospitals share data with Adobe, Friedman noted. "Everybody knows Adobe for PDFs. My understanding is they also have a tracking division within their ad division." Others include telecom and digital marketing companies like The Trade Desk and Verizon, plus tech giants Oracle, Microsoft, and Amazon, according to Friedman. Then there's also analytics firms including Hotjar and data brokers such as Acxiom. "And two thirds of hospital websites had some kind of data transfer to a third-party domain that we couldn't even identify," he added. Of the 71 hospital website privacy policies that the team found, 69 addressed the types of user information that was collected. The most common were IP addresses (80 percent), web browser name and version (75 percent), pages visited on the website (73 percent), and the website from which the user arrived (73 percent). Only 56 percent of these policies identified the third-party companies receiving user information. In lieu of any federal data privacy law in the U.S., Friedman recommends users protect their personal information via the browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains.
\o/ (Score:2)
Come on! You can do it! Try slightly harder you and can reach that 100%
Go go go go!
Re: (Score:2)
I'm guessing the 1.2% of pages without Google were servers' default error pages.
So? (Score:2, Insightful)
>"Hospitals -- despite being places where people implicitly expect to have their personal details kept private -- frequently use tracking technologies on their websites[...] and their findings were that 96 percent of their websites transmitted user data to third parties. "
So? That just means it is a typical a public website. I think you will find that almost all large websites have such tracking stuff on them. Marketing always wants to know as much as they can about who is visiting and why, and also l
Re: (Score:2)
I'm 100% in agreement.
An idea: I'm big on disinformation. How about lots of machines sending garbage to the tracker receiving servers? Heck maybe even a botnet.
And the response to that would be the need for AI to sort the noise from the human cattle, which it would ironically do better than any human would.
Heck, with that much training it might become the best AI system in the world.
Be careful what you ask for, Human - 21st Century Proverb
Re: (Score:3)
I don't understand the thrust of this "study."
To call attention to the problem. This happens because web devs take the easy approach, and the executives who should be putting a stop to it aren't savvy enough or just don't care.
A study like this, and subsequent publicity, could potentially enlighten those executives or maybe generate a little public outcry.
Re: So? (Score:3)
Re: So? (Score:2)
So you visited hospital.com/map or hospital.com/login so what
Re: So? (Score:5, Interesting)
You also visited hospital.com/cancer and found out later that day, that your health insurance rate doubled. And the internet started showing you all kinds of chemotherapy ads and homeopathic remedy ads instead of the usual single ladies in your area.
Re: (Score:2, Insightful)
>"Hospitals -- despite being places where people implicitly expect to have their personal details kept private -- frequently use tracking technologies on their websites[...] and their findings were that 96 percent of their websites transmitted user data to third parties. "
So? That just means it is a typical a public website. I think you will find that almost all large websites have such tracking stuff on them. Marketing always wants to know as much as they can about who is visiting and why, and also link into social crap. Why would anyone think it would or should be less for "hospital" websites? This has nothing to do with protected or sensitive health information.
I hate all this tracking, and use active methods to block it, but I don't understand the thrust of this "study."
What do you think people search for and use on health websites? Nothing sensitive? Ever? What do you think they do with all that data they collect? Never sell it? Ever? Seriously. Wake up a bit as to WHY they do what they do, or better yet force them to turn off all tracking and listen to the excuses first. You might then better understand the motive behind the privacy scraping,
There isn’t anything “typical” about buying and selling the data that drives insurance rates and poisons
Re: (Score:2)
>"What do you think people search for and use on health websites?
This isn't "health websites", it is only "hospital websites." Probably typical things: Address, visiting hours, mission, donations, events, employment, phone numbers and other contact info, directions, history, parking, staff, policies, newsletter, services, so many things.
>" Nothing sensitive? Ever?""
Pretty darn rare, probably. People are far, far more likely to use a general search engine for that (and for most people that is probab
Explains why... (Score:1)
I keep getting ads offering me solutions for men with overly large penises.
Good to know.
Re: Explains why... (Score:3)
5 years ago, I got a Facebook ad for a lawyer suing the manufacturer of a prescription I had been taking for a decade, which was recently found to cause significant vision loss. I had no symptoms at the time, but was diagnosed with the illness nevertheless.
My vision unfortunately worsened ober time even after taking the drug. The drug company settled last year, and I'm glad I was part of the litigation. But would much rather have my perfect vision back, as no amount of money can compensate for that.
Re: (Score:1)
Which drug?
Re: Explains why... (Score:3)
Pentosan polysulfate sodium.
Re: (Score:1)
Re: Explains why... (Score:1)
Funny (Score:2)
What else would you expect ... (Score:2)