0
We're unable to sign you in at this time. Please try again in a few minutes.
Retry
We were able to sign you in, but your subscription(s) could not be found. Please try again in a few minutes.
Retry
There may be a problem with your account. Please contact the AMA Service Center to resolve this issue.
Contact the AMA Service Center:
Telephone: 1 (800) 262-2350 or 1 (312) 670-7827  *   Email: subscriptions@jamanetwork.com
Error Message ......
Research Letter |

Privacy Threats When Seeking Online Health Information FREE

Marco D. Huesch, MBBS, PhD1,2,3,4
[+] Author Affiliations
1Sol Price School of Public Policy, University of Southern California, Los Angeles
2Leonard D. Schaeffer Center for Health Policy and Economics, University of Southern California, Los Angeles
3Department of Community and Family Medicine, Duke University School of Medicine, Durham, North Carolina
4Department of Health Sector Management Area, Duke University Fuqua School of Business, Durham, North Carolina
JAMA Intern Med. 2013;173(19):1838-1840. doi:10.1001/jamainternmed.2013.7795.
Text Size: A A A
Published online

Patients increasingly use the Internet to access health-related information for which they are not charged.1 In turn, websites gather information from those who browse their sites and target advertisements to them. Yet this business model masks a more complicated picture.

A patient who searches on a “free” health-related website for information related to “herpes” should be able to assume that the inquiry is anonymous. If not anonymous, the information knowingly or unknowingly disclosed by the patient should not be divulged to others.

Unfortunately, neither assumption may be true. Anonymity is threatened by the visible Internet address of the patient’s computer or the often unique configuration of the patient’s web browser.2 Confidentiality is threatened by the leakage of information to third parties through code on websites (eg, iframes, conversion pixels, social media plug-ins) or implanted on patients’ computers (eg, cookies, beacons).

Many third parties use the information they collect only to target advertising (eg, DoubleClick). However, nearly 300 third parties use the information to track consumers,3 delivering advertising related more directly to the user’s known or inferred interests, demographics, and prior online behavior.

These weaknesses in privacy practices have been detailed in the news media.4 The Federal Trade Commission has called for consumer privacy legislation.5 Online privacy guidelines for searches on health topics have been published.6 But privacy threats are poorly understood because of the technical nature of online data collection and aggregation.

I therefore explored this potential problem between December 2012 and January 2013 using a convenience sample of 20 popular health-related websites. I used freely available privacy tools (DoNotTrackMe [www.abine.com] and Ghostery [www.evidon.com]) to detect third parties. These tools are downloadable and installed as add-ons to a web browser. I purchased and installed commercial interception software (Charles [www.Charlesproxy.com]) to intercept hidden traffic from my computer to the websites of third parties.4,7 On each site I browsed 10 pages randomly and searched for content related to “depression,” “herpes,” and “cancer.”

I found that all 20 sites had at least 1 third-party element, typically 6 or 7. Most of these elements had nontracking functions. Thirteen of the 20 websites had 1 or more tracker elements (Table). Unlike most of the commercial and mass media sites sampled, I found no tracking elements on physician-oriented sites closely coupled to professional groups. Social media networks use plug-in buttons (eg, Facebook’s “Like” button) to allow tracking on websites even if the online user is not logged into social media, and even if the user does not actually press the social button. Five of the 13 sites that had tracker elements had also enabled such social media button tracking.

Table Graphic Jump LocationTable.  Tracking of Searches at 20 Health-Related Websites

Using the interception tool, I found that my searches on websites for the 3 terms were leaked to third-party tracking entities by 7 websites. The search terms were not leaked to third-party tracking sites when I browsed US government sites or 4 of the 5 physician-oriented sites.

In general, the information gathered by websites and their third-party affiliates enhances the online user’s experience and allows targeted advertisements, which support a free business model. However, threats to privacy are real and are insufficiently addressed in current legislation and regulations.5 Were such risks to be realized, the ramifications could span embarrassment, discrimination in the labor market, or the deliberate decision by marketers not to offer or advertise particular goods and services to an individual, based solely on the companies’ privately gathered knowledge.

I could not determine whether leaked information was used or misused by third parties. However, the leakage of search terms to tracking entities is worrisome. All the websites I reviewed have privacy protection statements. These alert users to data sharing and undertake to protect individual data through contractual agreements that mandate aggregation and deidentification of user data. Nevertheless, such agreements are generally not disclosed to users and may not survive a change of corporate ownership. Commercial websites may also disclose user activity to the government, as recent National Security Agency news stories have suggested.

Security concerns about health care information have traditionally revolved around the loss or theft of patient information from health care provider health records or the misuse of information by health care providers.8 Yet much health-related information is not stored in electronic health records, but generated in private health-related searches.

My findings suggest that patients and physicians who are concerned about the privacy of information about their health-related searches may prefer to search through government websites or those of professional societies. Alternatively, individuals can use privacy tools that are available free of charge when searching and browsing online. Examples are DoNotTrackMe and Ghostery. Use of these tools created some inconveniences but generally did not affect the functionality of the websites I examined.

Failure to address these concerns may diminish trust in health-related websites and reduce the willingness of some people to access health-related information online. Until strong consumer privacy legislation is enacted, individuals should take care how much trust they place in their anonymity and the confidentiality of their information when online.

Corresponding Author: Marco D. Huesch, MBBS, PhD, USC Price School of Public Policy, Gateway–Unit A, 3335 S Figueora St, Los Angeles, CA 90089-7273 (huesch@usc.edu).

Published Online: July 8, 2013. doi:10.1001/jamainternmed.2013.7795.

Conflict of Interest Disclosures: Dr Huesch receives salary, research, and travel support from the Agency for Healthcare Research and Quality (R21 HS021868-01) for a social media and Internet-based project, and from Lockheed Martin for a project, both not related to this study. Dr Huesch also reports receiving payments for consulting to the Institute of Medicine and manuscript preparation unrelated to this study from Precision Health Economics, a pharmaceutical consultancy.

Disclaimer: This study was not reviewed by funders’ representatives and does not reflect their official positions.

Hesse  BW, Nelson  DE, Kreps  GL,  et al.  Trust and sources of health information: the impact of the Internet and its implications for health care providers: findings from the first Health Information National Trends Survey. Arch Intern Med. 2005;165(22):2618-2624.
PubMed   |  Link to Article
Eckersley P. How unique is your browser? proceedings of the Privacy Enhancing Technologies Symposium. 2010. https://panopticlick.eff.org/. Accessed June 14, 2013.
Third party tracking elements: blocking options. http://www.ghostery.com/help/firefox. June 14, 2013.
Valentino-Devries J, Singer-Wine J. They know what you’re shopping for. Wall Street Journal. 2012. http://online.wsj.com/article/SB10001424127887324784404578143144132736214.html. Accessed June 14, 2013.
Federal Trade Commission. Protecting consumer privacy in an era of rapid change. 2012. http://ftc.gov/os/2012/03/120326privacyreport.pd. Accessed June 14, 2013.
Winker  MA, Flanagin  A, Chi-Lum  B,  et al; American Medical Association.  Guidelines for medical and health information sites on the internet: principles governing AMA web sites. JAMA. 2000;283(12):1600-1606.
PubMed   |  Link to Article
Krishnamurthy B, Naryshkin K, Wills CE. Privacy leakage vs protection measures: the growing disconnect. Proceedings of the Web 2.0 Security and Privacy Workshop. May 26, 2011; Oakland, California. http://w2spconf.com/2011/papers/privacyVsProtection.pdf. Accessed June 14, 2013.
Chretien  KC, Azar  J, Kind  T.  Physicians on Twitter. JAMA. 2011;305(6):566-568.
PubMed   |  Link to Article

Figures

Tables

Table Graphic Jump LocationTable.  Tracking of Searches at 20 Health-Related Websites

References

Hesse  BW, Nelson  DE, Kreps  GL,  et al.  Trust and sources of health information: the impact of the Internet and its implications for health care providers: findings from the first Health Information National Trends Survey. Arch Intern Med. 2005;165(22):2618-2624.
PubMed   |  Link to Article
Eckersley P. How unique is your browser? proceedings of the Privacy Enhancing Technologies Symposium. 2010. https://panopticlick.eff.org/. Accessed June 14, 2013.
Third party tracking elements: blocking options. http://www.ghostery.com/help/firefox. June 14, 2013.
Valentino-Devries J, Singer-Wine J. They know what you’re shopping for. Wall Street Journal. 2012. http://online.wsj.com/article/SB10001424127887324784404578143144132736214.html. Accessed June 14, 2013.
Federal Trade Commission. Protecting consumer privacy in an era of rapid change. 2012. http://ftc.gov/os/2012/03/120326privacyreport.pd. Accessed June 14, 2013.
Winker  MA, Flanagin  A, Chi-Lum  B,  et al; American Medical Association.  Guidelines for medical and health information sites on the internet: principles governing AMA web sites. JAMA. 2000;283(12):1600-1606.
PubMed   |  Link to Article
Krishnamurthy B, Naryshkin K, Wills CE. Privacy leakage vs protection measures: the growing disconnect. Proceedings of the Web 2.0 Security and Privacy Workshop. May 26, 2011; Oakland, California. http://w2spconf.com/2011/papers/privacyVsProtection.pdf. Accessed June 14, 2013.
Chretien  KC, Azar  J, Kind  T.  Physicians on Twitter. JAMA. 2011;305(6):566-568.
PubMed   |  Link to Article

Correspondence

CME
Meets CME requirements for:
Browse CME for all U.S. States
Accreditation Information
The American Medical Association is accredited by the Accreditation Council for Continuing Medical Education to provide continuing medical education for physicians. The AMA designates this journal-based CME activity for a maximum of 1 AMA PRA Category 1 CreditTM per course. Physicians should claim only the credit commensurate with the extent of their participation in the activity. Physicians who complete the CME course and score at least 80% correct on the quiz are eligible for AMA PRA Category 1 CreditTM.
Note: You must get at least of the answers correct to pass this quiz.
You have not filled in all the answers to complete this quiz
The following questions were not answered:
Sorry, you have unsuccessfully completed this CME quiz with a score of
The following questions were not answered correctly:
Commitment to Change (optional):
Indicate what change(s) you will implement in your practice, if any, based on this CME course.
Your quiz results:
The filled radio buttons indicate your responses. The preferred responses are highlighted
For CME Course: A Proposed Model for Initial Assessment and Management of Acute Heart Failure Syndromes
Indicate what changes(s) you will implement in your practice, if any, based on this CME course.
Submit a Comment

Multimedia

Some tools below are only available to our subscribers or users with an online account.

Web of Science® Times Cited: 1

Related Content

Customize your page view by dragging & repositioning the boxes below.

See Also...
Articles Related By Topic
Related Collections
PubMed Articles