The University of Southern California’s Marco Huesch visited 20 of the most popular health-related websites, using both privacy and commercial software to determine whether the pages used tracking cookies and sent along that information to third parties. Huesch found that 13 out of the 20 sites he visited used some sort of search tracking tool, and seven actively sent search term data to other sources. Government and professional medical group sites were less likely to track user data than commercial ones:
Huesch believes his findings underscore the need for more robust privacy protections, since sensitive data that is ostensibly used for advertising purposes and shared with third parties could potentially make their way to employers. In his research paper, Huesch writes that if “such risks [were] to be realized, the ramifications could span embarrassment, discrimination in the labor market or the deliberate decision by marketers not to offer or advertise particular goods and services to an individual, based solely on the companies’ privately gathered knowledge.”
Although the Health Insurance Portability and Accountability Act (HIPAA) prohibits the disclosure of personal medical information, it has no such restriction on the collection of health data for commercial purposes.
Last October, Sen. John D. Rockefeller (D-WV) opened an expansive investigation into the nine leading Internet information brokers who distribute personal data for commercial services. In a letter to the companies, Rockefeller wrote, “An ever-increasing percentage of their lives will be available for download, and the digital footprint they will inevitably leave behind will become more specific and potentially damaging, if used improperly. It is critical that we understand what information companies like yours are already collecting and selling.”
Most data brokers responded to Rockefeller’s inquiry by denying any wrongdoing, but pointedly refused to name data sources to the Senate panel. One of the brokers, Axciom, has promised to release the information it has collected on over 700 million people — including health-related content — by the end of the year.