According to a recent report, many popular health websites such as WebMD are sharing private medical data with the Masters of the Universe.
A recent investigation by the Financial Times has revealed that popular health websites are sharing users’ private and personal medical data with big tech firms such as Google, Amazon, and Facebook as well as smaller data brokers and advertising firms such as Scorecard and OpenX.
The Financial Times analyzed over 100 health and medical websites including WebMD, Healthline, health insurance group Bupa, and parenting site Babycentre. The FT found that 79 percent of these sites used tracking cookies on visitors that could be utilized by third-party firms across the internet. This was done without users’ permissions making it illegal under E.U. GDPR guidelines.
The most common place for the data to be sent was found to be Google’s advertising arm DoubleClick which showed up on 78 percent of the sites that were tested by the Financial Times. From the FT investigation, the data shared included:
- drug names entered into Drugs.com were sent to Google’s ad unit DoubleClick.
- symptoms inputted into WebMD’s symptom checker, and diagnoses received, including “drug overdose”, were shared with Facebook.
- menstrual and ovulation cycle information from BabyCentre ended up with Amazon Marketing, among others.
- keywords such as “heart disease” and “considering abortion” were shared from sites like the British Heart Foundation, Bupa and Healthline to companies including Scorecard Research and Blue Kai (owned by software giant Oracle).
When contacted about the collection of medical data, Google stated that it has “strict policies preventing advertisers from using such data to target ads.” Facebook said that it would be conducting an investigation and would “take action” against websites “in violation of our terms.” Amazon stated: “We do not use the information from publisher websites to inform advertising audience segments.”
This week the Office for Civil Rights in the Department of Health and Human Services has begun an investigation into a cloud computing deal between Google and Ascension Health which granted Google access to the detailed health information of millions of patients.
The Office for Civil Rights in the Department of Health and Human Services will be investigating the data collection elements of the deal in order to ensure that the partnership is in compliance with the Health Insurance Portability and Accountability Act (HIPAA) which was put in place to safeguard medical information.
Google stated this week that patient data “cannot and will not be combined with any Google consumer data.” The collaboration between Google and Ascension is named “Project Nightingale” and aims to collect the health information of 50 million American patients.