Healthcare organizations are increasingly scrutinizing their patient portals and other websites for web tracking technology from firms such as Facebook and Google. This follows warnings from regulators in December that trackers in patient websites may violate privacy law.
A growing number of hospitals are reporting data breaches involving trackers affecting millions of patients, leading some patients to file proposed class action lawsuits asserting that the trackers put sensitive health information in the hands of big tech companies.
Three healthcare organizations have recently joined the list of entities treating past use of tracking technologies in patient websites as a data breach reportable to federal authorities. The latest medical entities admitting web tracker usage incidents are New York-Presbyterian Hospital, UC San Diego Health, and Brooks Rehabilitation. New York Presbyterian disclosed that its use of trackers affected nearly 54,400 individuals, while UC San Diego said its use of trackers affected 23,000 individuals.
Brooks Rehabilitation, which provides services for neurological and other medical conditions, reported its tracking tool-related breach as affecting nearly 1,600 individuals.
The disclosures come as a privacy compliance firm found web trackers implanted into nearly half of the 5,400 hospital and other medical websites it scanned.
“Companies want to know exactly what’s happening on their websites,” said Ian Cohen, CEO of privacy compliance firm Lokker. “We all use a lot of tools to operate our sites. So this can be very difficult for companies to manage, and I think there’s a lot of uncertainty around their use,” he told Information Security Media Group.
