WEB PRIVACY: CHCF Study Reveals Disparities in Online Privacy Policies, Practices
While medical Web sites say they ensure the privacy of their online visitors, a new, "first-of-its-kind" study by the California Healthcare Foundation (CHCF) finds that the sites often collect profile information about their users and sell the data to other companies. Janlori Goldman of Georgetown University's Health Privacy Project -- the group that conducted the research -- said, "We found that almost across the board, the privacy practices [on the Web sites] did not match the policies." All of the 21 leading health Web sites reviewed for the study post "privacy pledges," but eight of the sites had business deals with DoubleClick Inc., a data firm that has collected more than 100 million user files through Web banners, the Washington Post reports. Three more sites had similar data-gathering relationships with other firms (Schwartz, 2/1). "Health care Web sites have access to an unprecedented amount of personal health information. We found third party ad networks receiving access to information that would allow them to build a detailed, personally identified profile of an individual's health conditions and patterns of Internet use," Richard Smith, Internet security expert and one of the study's investigators, said (CHCF release, 2/1). The study, which was released today, finds that "[n]one of the sites examined that use ad networks disclosed whether they are doing profiling. Nor did they explain what is happening with the data being collected by the ad networks." Goldman explained, "[The sites] are giving people a false sense of confidence and a false sense of trust."
A survey of adult online users -- conducted by CHCF and the Internet Health Coalition -- found that 75% of respondents are concerned about health Web sites passing their personal data to other organizations without permission; 17% said that they do not use the Internet to gather health data for privacy reasons. In addition, the poll shows that 80% of respondents agreed that the existence of Web privacy policies "has a positive impact on their willingness to engage in online health activities" (Washington Post, 2/1).
Reasons to Worry...
At a press conference today in Washington, D.C., CHCF released five key findings from the report:
- Visitors to health Web sites are not anonymous, even if they think they are;
- Health Web sites recognize consumers' concerns about the privacy of their personal information and have established privacy policies, but the policies fall short of safeguarding consumers;
- There is inconsistency between privacy policies and practices of health Web sites;
- Consumers are using health Web sites to better manage their health, but their personal information may not be adequately protected;
- Health Web sites with privacy policies that disclaim liability for the actions of third parties negate those very policies (CHCF release, 2/1).
New Technology, New Rules
Noting that the report was intended to "wake up" the Internet industry to its consumer privacy obligations, Sam Karp, chief information officer for CHCF, said, "We're large proponents of the opportunities that the Internet provides for getting better quality information in health care," adding that "consumers say they are willing to share some [personal information] in return for some services." Goldman said, "Our message to these companies is privacy is the number one issue facing health Web sites" (Washington Post, 2/1). She added that the report urges the online health industry to take to following steps:
- Overhaul Web site privacy policies, bringing them in accordance with the FTC's fair information practices;
- Close the loop between policy theory and actual practice;
- Aim to provide users anonymity whenever possible;