Patients increasingly use the Internet to access health-related information for which they are not charged.1 In turn, websites gather information from those who browse their sites and target advertisements to them. Yet this business model masks a more complicated picture.
A patient who searches on a “free” health-related website for information related to “herpes” should be able to assume that the inquiry is anonymous. If not anonymous, the information knowingly or unknowingly disclosed by the patient should not be divulged to others.
Unfortunately, neither assumption may be true. Anonymity is threatened by the visible Internet address of the patient’s computer or the often unique configuration of the patient’s web browser.2 Confidentiality is threatened by the leakage of information to third parties through code on websites (eg, iframes, conversion pixels, social media plug-ins) or implanted on patients’ computers (eg, cookies, beacons).
Many third parties use the information they collect only to target advertising (eg, DoubleClick). However, nearly 300 third parties use the information to track consumers,3 delivering advertising related more directly to the user’s known or inferred interests, demographics, and prior online behavior.
These weaknesses in privacy practices have been detailed in the news media.4 The Federal Trade Commission has called for consumer privacy legislation.5 Online privacy guidelines for searches on health topics have been published.6 But privacy threats are poorly understood because of the technical nature of online data collection and aggregation.
I therefore explored this potential problem between December 2012 and January 2013 using a convenience sample of 20 popular health-related websites. I used freely available privacy tools (DoNotTrackMe [www.abine.com] and Ghostery [www.evidon.com]) to detect third parties. These tools are downloadable and installed as add-ons to a web browser. I purchased and installed commercial interception software (Charles [www.Charlesproxy.com]) to intercept hidden traffic from my computer to the websites of third parties.4,7 On each site I browsed 10 pages randomly and searched for content related to “depression,” “herpes,” and “cancer.”
I found that all 20 sites had at least 1 third-party element, typically 6 or 7. Most of these elements had nontracking functions. Thirteen of the 20 websites had 1 or more tracker elements (Table). Unlike most of the commercial and mass media sites sampled, I found no tracking elements on physician-oriented sites closely coupled to professional groups. Social media networks use plug-in buttons (eg, Facebook’s “Like” button) to allow tracking on websites even if the online user is not logged into social media, and even if the user does not actually press the social button. Five of the 13 sites that had tracker elements had also enabled such social media button tracking.
Using the interception tool, I found that my searches on websites for the 3 terms were leaked to third-party tracking entities by 7 websites. The search terms were not leaked to third-party tracking sites when I browsed US government sites or 4 of the 5 physician-oriented sites.
In general, the information gathered by websites and their third-party affiliates enhances the online user’s experience and allows targeted advertisements, which support a free business model. However, threats to privacy are real and are insufficiently addressed in current legislation and regulations.5 Were such risks to be realized, the ramifications could span embarrassment, discrimination in the labor market, or the deliberate decision by marketers not to offer or advertise particular goods and services to an individual, based solely on the companies’ privately gathered knowledge.
I could not determine whether leaked information was used or misused by third parties. However, the leakage of search terms to tracking entities is worrisome. All the websites I reviewed have privacy protection statements. These alert users to data sharing and undertake to protect individual data through contractual agreements that mandate aggregation and deidentification of user data. Nevertheless, such agreements are generally not disclosed to users and may not survive a change of corporate ownership. Commercial websites may also disclose user activity to the government, as recent National Security Agency news stories have suggested.
Security concerns about health care information have traditionally revolved around the loss or theft of patient information from health care provider health records or the misuse of information by health care providers.8 Yet much health-related information is not stored in electronic health records, but generated in private health-related searches.
My findings suggest that patients and physicians who are concerned about the privacy of information about their health-related searches may prefer to search through government websites or those of professional societies. Alternatively, individuals can use privacy tools that are available free of charge when searching and browsing online. Examples are DoNotTrackMe and Ghostery. Use of these tools created some inconveniences but generally did not affect the functionality of the websites I examined.
Failure to address these concerns may diminish trust in health-related websites and reduce the willingness of some people to access health-related information online. Until strong consumer privacy legislation is enacted, individuals should take care how much trust they place in their anonymity and the confidentiality of their information when online.
Corresponding Author: Marco D. Huesch, MBBS, PhD, USC Price School of Public Policy, Gateway–Unit A, 3335 S Figueora St, Los Angeles, CA 90089-7273 (firstname.lastname@example.org).
Published Online: July 8, 2013. doi:10.1001/jamainternmed.2013.7795.
Conflict of Interest Disclosures: Dr Huesch receives salary, research, and travel support from the Agency for Healthcare Research and Quality (R21 HS021868-01) for a social media and Internet-based project, and from Lockheed Martin for a project, both not related to this study. Dr Huesch also reports receiving payments for consulting to the Institute of Medicine and manuscript preparation unrelated to this study from Precision Health Economics, a pharmaceutical consultancy.
Disclaimer: This study was not reviewed by funders’ representatives and does not reflect their official positions.
Thank you for submitting a comment on this article. It will be reviewed by JAMA Internal Medicine editors. You will be notified when your comment has been published. Comments should not exceed 500 words of text and 10 references.
Do not submit personal medical questions or information that could identify a specific patient, questions about a particular case, or general inquiries to an author. Only content that has not been published, posted, or submitted elsewhere should be submitted. By submitting this Comment, you and any coauthors transfer copyright to the journal if your Comment is posted.
* = Required Field
Disclosure of Any Conflicts of Interest*
Indicate all relevant conflicts of interest of each author below, including all relevant financial interests, activities, and relationships within the past 3 years including, but not limited to, employment, affiliation, grants or funding, consultancies, honoraria or payment, speakers’ bureaus, stock ownership or options, expert testimony, royalties, donation of medical equipment, or patents planned, pending, or issued. If all authors have none, check "No potential conflicts or relevant financial interests" in the box below. Please also indicate any funding received in support of this work. The information will be posted with your response.
Some tools below are only available to our subscribers or users with an online account.
Download citation file:
Web of Science® Times Cited: 2
Customize your page view by dragging & repositioning the boxes below.
Enter your username and email address. We'll send you a link to reset your password.
Enter your username and email address. We'll send instructions on how to reset your password to the email address we have on record.
Athens and Shibboleth are access management services that provide single sign-on to protected resources. They replace the multiple user names and passwords necessary to access subscription-based content with a single user name and password that can be entered once per session. It operates independently of a user's location or IP address. If your institution uses Athens or Shibboleth authentication, please contact your site administrator to receive your user name and password.