Consumers who use health Web sites aren't as anonymous as they may think because sites often share visitors' personal health information with advertisers and business partners without their knowledge or permission, reveals a new investigative report by the California Healthcare Foundation.
The report looked at the privacy policies and practices of the 21 most popular health sites on the Internet, including medscape.com, drkoop.com and mhnet.org. It was conducted by Janlori Goldman and Zoe Hudson of the Health Privacy Project at Georgetown University and Richard Smith, an independent Internet security expert.
The report found that while most health Web sites have attempted to establish privacy policies, few strictly regulate the collection of information by third-party advertisers and business partners.
Several host sites, for instance, allow third-party advertisers to collect visitors' personal information without disclosing this practice. Often, personal data entered into a Web-based form is sent to a third-party advertiser as well as the host site. As a result, visitors often get e-mails from advertisers about their products and services.
Psychologists and their clients should be aware of these practices when they're searching the Internet for information.
Web sites can potentially collect personal information from visitors when they participate in a variety of Internet tasks, such as visiting chat rooms and bulletin boards, searching for information, subscribing to electronic newsletters, e-mailing articles to friends or filling out a health-assessment forms.
"We found third-party ad networks receiving access to information that would allow them to build detailed, personally identified profiles of individual's health conditions and patterns of Internet use," says Smith.
The report suggests four steps companies can take to improve privacy safeguards at their sites:
Provide Web site visitors more anonymity by limiting the sharing of personal information gathered.