Report on the Privacy Policies and Practices of Health Web Sites

Sponsored by

California HealthCare Foundation

Conducted by

Janlori Goldman and Zoe Hudson

Health Privacy Project, Georgetown University

and

Richard M. Smith

January 2000

Executive Summary



Consumer health care on the Internet has moved beyond its infancy and childhood, firmly into an awkward adolescence. While it is increasing in reach, scope, capacity, and independence, it is not mature enough to be predictable and reliable. Although health Web sites now provide a wide range of clinical and diagnostic information; opportunities to purchase products and services; interactions among consumers, patients, and health care professionals; and the capability to build a personalized health record, they have not matured enough to guarantee the quality of the information, protect consumers from product fraud or inappropriate prescribing, or guarantee the privacy of individuals’ information. This last point is the subject of this report.

Health care Web sites have access to an unprecedented amount of personal information about consumers. What are their policies about the privacy of that information? How easily can consumers find and understand them? Do they afford sufficient protection? And do the actual practices of the health sites reflect their stated policies?

This report presents a profile of the policies and practices of 21 health-related Web sites. The sites were selected to represent a mix of the most trafficked consumer health sites in the following categories: sites where consumer desire for anonymity might be more precious, sites where pharmaceuticals and health products may be researched and purchased, general search engines or portals that get a high degree of Internet traffic, and sites that target a specific demographic.

We have reviewed the privacy policies of each site and investigated whether their actual practices reflect their stated policies. The method of this investigation was

(1) to review the stated privacy policies against a set of “fair information practice principles” and

(2) to behave like a typical consumer on each site and observe and capture what happened to the data that was submitted.

It should be pointed out that these privacy policies and these actual practices were those in force during the month of January 2000, when this research was conducted. Given the degree of change and volatility in the Internet in general and in health care on the Internet in particular, we expect (and in fact hope) that some of the policies and practices will change.

These are the major findings of the investigative research:

  • Visitors to health Web sites are not anonymous, even if they think they are. Through mechanisms such as cookies, profiling, banner ads, and clickstreams, sites are collecting information about individuals, often without their knowledge or consent.

  • Health Web sites recognize consumers’ concern about the privacy of their personal health information and have made efforts to establish privacy policies; however, the policies fall short of truly safeguarding consumers. Most sites do not meet minimum fair information practices—such as providing adequate notice, giving users some control over their information, and holding business partners to the same privacy standards.

  • There is inconsistency between the privacy policies and the actual practices of health Web sites. Numerous examples of practices that appear to contradict the stated privacy policies were uncovered. For example, on a number of sites personally identified information is collected through the use of cookies and banner advertisements by third parties without the host sites disclosing this practice. There are also instances where personally identified data is transferred to third parties in direct violation of stated privacy policies.

  • Consumers are using health Web sites to better manage their health, but their personal health information may not be adequately protected. Even with the best intentions, many sites do not have adequate security in place to protect consumer information from the casual hacker or someone actively seeking to access company databases.

  • Health Web sites with privacy policies that disclaim liability for the actions of third parties on the site negate those very policies. Few health sites maintain a chain of trust with third parties on their site because they do not hold those parties to the same privacy standards they espouse. Whatever privacy protections exist often do not follow the visitor’s data once it leaves the site.
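The second step of the method above (behave like a consumer, then observe where submitted data goes) can be automated as an audit. The following script is an added example, not part of the report: given a constructed capture of HTTP requests made while a visitor searches for a condition and registers an e-mail address on a fictional first-party site, it flags every third-party request (a banner ad or tracking pixel) whose URL, Referer header, or cookies carry one of the submitted values. All hostnames and values are constructed for illustration.

```python
from urllib.parse import urlparse, unquote

# Constructed sample: requests captured while a visitor on a fictional
# health site searches for a condition and then registers an e-mail address.
FIRST_PARTY = "healthsite.example"
SUBMITTED = {"condition": "depression", "email": "jane@example.org"}

CAPTURED_REQUESTS = [
    {"url": "https://healthsite.example/search?q=depression",
     "referer": "", "cookie": "session=abc123"},
    # banner ad request: the page's search term is forwarded to the ad network
    {"url": "https://ads.adnet.example/banner?size=468x60&q=depression",
     "referer": "https://healthsite.example/search?q=depression",
     "cookie": "adid=7f3c"},
    # tracking pixel: the registered e-mail address is set in a third-party cookie
    {"url": "https://tracker.example/pixel.gif?uid=jane%40example.org",
     "referer": "https://healthsite.example/register",
     "cookie": "uid=jane%40example.org"},
    {"url": "https://cdn.example/logo.png",
     "referer": "https://healthsite.example/", "cookie": ""},
]

def is_third_party(url, first_party):
    """True when the request host is not the first-party site or one of its subdomains."""
    host = urlparse(url).hostname or ""
    return host != first_party and not host.endswith("." + first_party)

def leaked_values(req, submitted):
    """Names of submitted fields whose values appear in the URL, Referer, or cookies."""
    haystack = " ".join([req["url"], req["referer"], req["cookie"]])
    # decode percent-encoding so 'jane%40example.org' matches 'jane@example.org'
    haystack = unquote(haystack).lower()
    return sorted(name for name, value in submitted.items() if value.lower() in haystack)

def audit(requests, first_party, submitted):
    """Return (third-party host, leaked field names) for each request that carries submitted data."""
    findings = []
    for req in requests:
        if not is_third_party(req["url"], first_party):
            continue
        leaked = leaked_values(req, submitted)
        if leaked:
            findings.append((urlparse(req["url"]).hostname, leaked))
    return findings

if __name__ == "__main__":
    for host, fields in audit(CAPTURED_REQUESTS, FIRST_PARTY, SUBMITTED):
        print(f"{host}: receives {', '.join(fields)}")
```

A real run would feed the script a proxy or browser capture instead of the constructed list; a third party in the findings that the site's privacy policy never names is exactly the policy/practice gap the report describes.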

Our intention in conducting and releasing this research is not to embarrass or single out particular health Web sites or to scare consumers away from getting valuable health information. Rather we aspire to alert consumers and the industry to an impending problem so the industry can address the problem before it becomes acute.


© 2000 California HealthCare Foundation.

dfs 2/11/00