Vast majority of US hospital websites are sharing visitor data with Big Tech companies

HIPAA be damned

By Shawn Knight April 12, 2024, 13:02 8 comments

Vast majority of US hospital websites are sharing visitor data with Big Tech companies

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

Facepalm: HIPAA privacy rules are a big deal in the healthcare industry, and it only seems natural that those protections would extend to all aspects of a patient's experience. According to a recent study, however, privacy pretty much goes out the window when visiting a hospital's website. Unsurprisingly, it all boils down to ad money.

Researchers from the University of Pennsylvania recently analyzed 100 non-federal acute care hospitals (those with an emergency room) across the country and found that a whopping 96 percent transmitted user information to third parties. If that weren't bad enough, the team was only able to find publicly accessible privacy policies on 71 percent of sites.

On websites with privacy policies, just over half (56.3 percent) disclosed that a third-party would receive user data.

Ari Friedman, an assistant professor of emergency medicine at the University of Pennsylvania and an author of the study, told The Register that the findings are incomprehensible. That said, it is not terribly surprising.

Last year, the same researchers published a similar study that looked at 3,747 hospital websites. That report determined that 98.6 percent of sites tracked and transferred user data to a variety of third parties including data brokers, advertising firms, and social media companies – all of which are in the business of using detailed data to sell targeted ads.

The researchers used an open-source tool called webXray to detect third-party HTTPS requests and match them with companies receiving the data.

Friedman said that in every study they have conducted – across all facets of the health care system – one name is "on nearly every page, including hospitals." Google. The team found Meta on more than half of hospital pages it analyzed, while Adobe received data from 20 to 30 percent of sites. Other tech giants sourcing data from hospital websites included Amazon, Microsoft, Oracle, and Verizon, Friedman added.

In lieu of federal data privacy laws, it's up to consumers to do all they can to protect their data online.

Image credit: Pixabay, Marija Zaric

8 comments 52 likes and shares

Tech Jobs: Find the next step in your career

Related Stories

Featured on TechSpot