Many Hospitals Sell Website User Data — Without Telling You

Advertising Disclosure: When you buy something by clicking links on our site, we may earn a small commission, but it never affects the products or services we recommend.

A doctor uploads patient data online.
fizkes /

You’d think that it’d be required for your online activity on medical websites to be private.

It’s not, and many hospitals aren’t disclosing that fact either. According to a recent study, almost all hospital websites share website user information with third parties. This data typically includes at least a website visitor’s internet protocol (IP) address and the URLs (uniform resource locators) of the specific pages of a hospital website that they visited.

Researchers at the University of Pennsylvania reviewed a sample of 100 non-federal acute care hospitals across the country and recently published their findings in JAMA Network Open, a journal of the American Medical Association.

Most — 96% — of the reviewed hospitals distributed website user data; only 71% had a publicly accessible privacy policy. Of those publicly available policies, only 56% disclosed which specific third parties would receive that website user data.

Study authors write that “a substantial number of hospital websites did not present users with adequate information about the privacy implications of website use.”

Researchers used webXray, a tool that detects third-party activity on websites, to analyze where website user data was going. The most common third-party organizations taking data from hospital websites include Google and Meta, the parent company of Facebook, according to reporting from The Register, a tech news website.

Not only are many of the policies not publicly provided or sparse on some information, but they’re also more difficult for people to read. Researchers concluded that the average length of hospital website privacy policies was 2,527 words, and policies were, on average, written at a college reading level. So, much of the content of these policies might not be understood by the average user.

There are tools available to consumers, not just patients, hoping to protect their data from third parties. Nonprofit group the Electronic Frontier Federation (EFF) offers a browser extension called Privacy Badger, which blocks advertisers and other third-party trackers.

The EFF’s Cover Your Tracks tool lets users know how well their browsers are blocking third-party trackers so they can switch to a browser with more built-in protection if they learn their current browser is inadequate.

There’s also Ghostery, a browser that boasts built-in privacy and blocks trackers, ads and pop-ups. Another common privacy tool is a virtual private network, also called a VPN.

Find an online privacy method that works for you. Many companies won’t be as invested in protecting your privacy as you are.

Get smarter with your money!

Want the best money-news and tips to help you make more and spend less? Then sign up for the free Money Talks Newsletter to receive daily updates of personal finance news and advice, delivered straight to your inbox. Sign up for our free newsletter today.