News: 49 out of 50 telehealth websites sharing health data via Big Tech’s tracking tools


Arcadia

https://www.statnews.com/2022/12/13/telehealth-facebook-google-tracking-health-data/

Very long article. Sorry for the bad formatting 

On 13 of the 50 websites, STAT and The Markup documented at least one tracker — from Meta, Google, TikTok, Bing, Snap, Twitter, LinkedIn, or Pinterest — that collected patients’ answers to medical intake questions. Trackers on 25 sites, including those run by industry leaders Hims & Hers, Ro, and Thirty Madison, told at least one big tech platform that the user had added an item like a prescription medication to their cart, or checked out with a subscription for a treatment plan.

… All but one website examined sent URLs users visited on the site and their IP addresses — akin to a mailing address for a computer, which can be used to link information to a specific patient or household — to at least one tech company. The only telehealth platform that the analysis did not find sharing data with outside tech giants was Amazon Clinic, a platform recently launched by Amazon.

Health privacy experts and former regulators said sharing such sensitive medical information with the world’s largest advertising platforms threatens patient privacy and trust and could run afoul of unfair business practices laws. They also emphasized that privacy regulations like the Health Insurance Portability and Accountability Act (HIPAA) were not built for telehealth. That leaves “ethical and moral gray areas” that allow for the legal sharing of health-related data, said Andrew Mahler, a former investigator at the U.S. Department of Health and Human Services’ Office for Civil Rights.

… On Workit’s site, for example, STAT and The Markup found that a piece of code Meta calls a pixel sent responses about self-harm, drug and alcohol use, and personal information — including first name, email address, and phone number — to Facebook.

… The investigation found trackers collecting information on websites that sell everything from addiction treatments and antidepressants to pills for weight loss and migraines. Despite efforts to trace the data using the tech companies’ own transparency tools, STAT and The Markup couldn’t independently confirm how or whether Meta and the other tech companies used the data they collected.

After STAT and The Markup shared detailed findings with all 50 companies, Workit said it had changed its use of trackers. When reporters tested the website again on Dec. 7, they found no evidence of tech platform trackers during the company’s intake or checkout process.

“Workit Health takes the privacy of our members seriously,” Kali Lux, a spokesperson for the company, wrote in an email. “Out of an abundance of caution, we elected to adjust the usage of a number of pixels for now as we continue to evaluate the issue.”

 

STAT and The Markup found tech company trackers on 49 telehealth websites

Type of tracker:
📍 URLs users visited
👋 Personal info (e.g. full name, email, phone)
💸 When user initiated checkout
💬 User's answers to questionnaires
🛒 When user added to the cart
✍️ When user created an account

(Rows 1 to 15 of 50, sorted by company.)
Company Google Facebook Bing TikTok Snapchat Pinterest LinkedIn Twitter Company response
Amazon Clinic                 Did not respond
Apostrophe 📍 👋 📍 🛒💸 👋🛒 🛒     Link
Bicycle Health 👋   👋           Link
Boulder Care 📍 👋             Link
Brightline 📍 💸       📍 📍   Did not respond
Brightside 📍 👋 💸 📍     📍 📍 Did not respond
Calibrate 📍 👋💬💸 📍 👋 💸         Link
Cerebral 📍 👋💬 📍 ✍️ 👋 ✍️ 👋 💸 📍   Link
Clearing 📍 👋             Link
Cove 💬 👋💬🛒   ✍️ 👋 ✍️       Link
Curology 💸 💬 📍   👋 ✍️ 👋 ✍️     Did not respond
DearBrightly 💸 👋 💸   🛒 🛒       Did not respond
Done. 📍 👋 📍 👋 ✍️   📍   📍 Link
Dorsal   👋             Did not respond
Eleanor Health 📍           📍   Declined to comment
In most cases, a label implies a URL was sent in addition to more detailed information. Trackers that identify 📍 exclusively sent the URLs as opposed to sending the URL and other types of information. Trackers that identify “💸 When you initiate checkout” are likely undercounted. STAT and The Markup only logged checkout events with pre-set or custom “checkout” labels. However, there are other ways to log checkout events, such as by checking URLs for the word “checkout.” 
Table: Joel Eastwood/The Markup  Source: STAT and The Markup analysis
 

 

 

Rather than providing care themselves, telehealth companies often act as middlemen connecting patients to affiliated providers covered by HIPAA. As a result, information collected during a telehealth company’s intake may not be protected by HIPAA, while the same information given to the provider would be.

“All the privacy risks are there, with the mistaken but entirely reasonable illusion of security,” said Matthew McCoy, a medical ethics and health policy researcher at the University of Pennsylvania. “That’s a really dangerous combination of things to force the average consumer to deal with.”

In response to questions for this story, representatives of Meta, Google, TikTok, Bing, Snap, and Pinterest said advertisers are responsible for ensuring they aren’t sending sensitive information via the tools. Twitter did not respond to requests for comment.

“Doing so is against our policies and we educate advertisers on properly setting up Business tools to prevent this from occurring,” wrote Meta’s Hogan. “Our system is designed to filter out potentially sensitive data it is able to detect.”

LinkedIn’s tracker “collects URL information which we immediately encrypt when it reaches our servers, delete within 7 days and do not add to a profile,” Leonna Spilman, a spokesperson for the company, wrote in an email.

Nevertheless, three of the seven big tech companies also said they had taken action to investigate or stop the data sharing.

Google is “currently investigating the accounts” in question, spokesperson Elijah Lawal wrote in an email.

“In response to this new information, we have paused data collection from these advertisers’ sites while we investigate,” Snap spokesperson Peter Boogaard wrote in an email.

Pinterest “offboarded the companies in question,” spokesperson Crystal Espinosa wrote in an email.

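The undercount described in the table note above, worked through as an added example that is not part of the article or of the original post: it counts checkout events in captured tracker requests first by event label only, then by label or page URL. The host `collector.example`, the parameter names `ev` (event label) and `dl` (page URL), and all sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: third-party requests captured while browsing a test site.
# Assumed format: `ev` carries the event label, `dl` the page the user was on.
CAPTURED = [
    "https://collector.example/tr?ev=PageView&dl=https%3A%2F%2Fclinic.example%2Fintake",
    "https://collector.example/tr?ev=InitiateCheckout&dl=https%3A%2F%2Fclinic.example%2Fcart",
    "https://collector.example/tr?ev=custom_checkout_step2&dl=https%3A%2F%2Fclinic.example%2Fpay",
    "https://collector.example/tr?ev=PageView&dl=https%3A%2F%2Fclinic.example%2Fcheckout%2Fplan",
    "https://collector.example/tr?ev=AddToCart&dl=https%3A%2F%2Fclinic.example%2Fproduct%2F1",
    "https://collector.example/tr?dl=https%3A%2F%2Fclinic.example%2FCheckout%3Fstep%3D1",
]


def parse_hit(request_url):
    """Return (event_label, page_url) for one request; missing values become ''."""
    query = parse_qs(urlsplit(request_url).query)  # parse_qs also percent-decodes
    return query.get("ev", [""])[0], query.get("dl", [""])[0]


def is_checkout_by_label(label):
    """Pre-set or custom event label that names a checkout step."""
    return "checkout" in label.lower()


def is_checkout_by_url(page_url):
    """Page path or query mentions checkout (host is ignored on purpose)."""
    parts = urlsplit(page_url)
    return "checkout" in (parts.path + "?" + parts.query).lower()


def audit_checkouts(requests):
    """Compare label-only counting with label-or-URL counting."""
    label_only, label_or_url, missed_pages = 0, 0, []
    for request_url in requests:
        label, page = parse_hit(request_url)
        by_label = is_checkout_by_label(label)
        by_url = is_checkout_by_url(page)
        label_only += by_label
        label_or_url += by_label or by_url
        if by_url and not by_label:
            missed_pages.append(page)  # checkout visit a label-only audit skips
    return {"label_only": label_only, "label_or_url": label_or_url,
            "missed_pages": missed_pages}


if __name__ == "__main__":
    print(audit_checkouts(CAPTURED))
```
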

33 minutes ago, Starr said:

Isn't this every system? Is there any way not to be part of it?

My healthcare provider has Telehealth options but I mainly use their on-site services. So my data is still covered under HIPAA. So I guess the solution is to avoid the Telehealth middlemen like Workit, Hims & Hers, Ro, and Thirty Madison who are not governed by HIPAA.
