3rd party data aggregators can follow people across multiple websites. When they track browser cookies, pixels, beacons, mobile application identifiers, and Adobe Flash technology it is very possible for them to figure out specific people.

This sort of computing device data often qualifies as PHI according to HHS:

Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-tracking/index.html

Thank you Dr. Pope for summary below.

Michael Reeder, LCPC

-------- Forwarded Message --------

Medpage includes an article: “Nearly All Hospital Websites Send Tracking Data to Third Parties — Most common recipients of data were Alphabet, Meta, Adobe, and AT&T.”

Here are some excerpts:

Third-party tracking is used on almost all U.S. hospital websites, endangering patient privacy, a cross-sectional observational study found.

Of 3,747 hospitals included in the 2019 American Hospital Association (AHA) annual survey, 98.6% of their website home pages had at least one third-party data transfer, and 94.3% had at least one third-party cookie.

“In the U.S., third-party tracking is ubiquitous and extensive,” researchers led by Ari B. Friedman, MD, PhD of the University of Pennsylvania in Philadelphia, wrote in Health Affairs.

“The high number of entities engaged in tracking on hospital websites heightens potential privacy risks to patients.”

The tracking data most commonly went to Google’s parent company Alphabet (98.5% of homepages), followed by Meta (formerly Facebook), which was used in 55.6% of hospital homepages. Adobe Systems and AT&T collected data from 31.4% and 24.6% of hospital pages, respectively.

“What we found is that it’s virtually impossible to look at any hospital website in the country without exposing yourself to some tracking,” study coauthor Matthew McCoy, PhD, of the University of Pennsylvania, told MedPage Today.

“That’s really significant, because even if you were a patient with privacy concerns and you wanted to avoid this kind of thing, what that means is you really don’t have an option to do that.”

Hospital website home pages had a median of 16 third-party transfers, with more third-party transfers from medium-sized hospitals as opposed to small and large ones (24, 17, and 13 transfers, respectively).

Of hospital characteristic factors, membership in a health system, having a primarily urban patient population, and having a medical school affiliation were all significantly associated with a greater number of third-party transfers on hospital website home pages.

<snip>

On 100 randomly sampled hospital websites, searches for six “potentially sensitive” conditions turned up 30 patient-facing pages for those conditions – and all had at least one third-party data transfer.

McCoy said the number of companies tracking data on any given website was alarming.

“Imagine you were browsing a hospital website for something related to your health, and you had one person looking over your shoulder and gleaning information about your health from a browsing session – that would probably make you pretty uncomfortable,” he said.

“Multiply that by 16, by 20, and you’ve got that many more people looking over your shoulder.”

<snip>

According to the study, "Many of the third parties to which data are transferred have business models built on identifying and tracking people for the purposes of targeting online advertisements.”

Some tracking companies, like Acxiom, sell the data to other companies or allow health-related profiling, like Adobe and Oracle.

Because of this tracking, patients might see more targeted advertising for drugs, supplements, or insurance based on their personal medical conditions.

Health-related information, the authors wrote, could even be used in risk scores that affect credit or insurance eligibility.

<snip>

“Setting aside those kinds of questions about legal liability…, I think most healthcare providers would recognize themselves as having a responsibility to protect the interests of their patients, and that means also protecting their patients’ interest in privacy,” McCoy said.

<snip>

Researchers used a tool called webXray to record third-party tracking from hospital home pages, count the data transfers that occurred when a page loaded, and linked individual tracking domains to their parent companies.

Ken Pope

~~ Merely forwarded by: Michael Reeder LCPC Baltimore, MD

#Ethics #EthicalAI #AI #CollaborativeHumanAISystems #HumanAwareAI #chatbotgpt #bard #security #dataanalytics #artificialintelligence #CopyAI #HIPAA #privacy #psychology #counseling #socialwork #psychotherapy #research

@psychotherapist@a.gup.pe @psychotherapists@a.gup.pe @psychology@a.gup.pe @socialpsych@a.gup.pe @socialwork@a.gup.pe @psychiatry@a.gup.pe #EHR #mentalhealth #technology #psychiatry #healthcare #medical #doctor​ #healthcare #hospital