Study: Private Medical Info Often Exposed to Data Leakage

A recent report finds that consumers’ private medical information may not be that private.

“The healthcare industry has rapidly embraced digital technologies to enhance patient care, streamline operations, and improve communication,” security firm Feroot wrote on its blog last week in discussing its new report.

“However, this digital transformation brings with it a significant challenge: protecting patient data. One often overlooked risk comes from tracking pixels, which can lead to (accidental) data leakage and privacy breaches. Additionally, the use of pixels and trackers can potentially lead to HIPAA violations if they are employed in a manner that compromises patient privacy or security.”

The study, released Oct. 12 and flagged in a Bloomberg News article Tuesday (Oct. 17), notes that some of the most common tracking pixels came from Big Tech firms like Google and Meta.

Feroot found that, of the hundreds of healthcare and telehealth websites it examined, more than 86% had collected users' data without their consent.

Practices like this have gotten the attention of the U.S. government, with the Federal Trade Commission (FTC) taking the first enforcement action under its Health Breach Notification Rule earlier this year.

The order, issued in February, blocks digital health platform GoodRx from sharing consumers’ health information for advertising and fines the firm $1.5 million for failing to report its unauthorized disclosure of the data to Facebook, Google and other companies.

“Digital health companies and mobile apps should not cash in on consumers’ extremely sensitive and personally identifiable health information,” FTC Bureau of Consumer Protection Director Samuel Levine said in a news release. “The FTC is serving notice that it will use all of its legal authority to protect American consumers’ sensitive data from misuse and illegal exploitation.”

The Health Breach Notification Rule requires vendors of personal health records and other entities to inform customers, the FTC and in some cases the media when data is acquired without customer consent.

GoodRx has disputed the allegations and said it agreed to a settlement to avoid drawn-out litigation with the FTC.

The Feroot study comes as a growing number of American consumers embrace the idea of accessing healthcare in the digital realm.

PYMNTS Intelligence finds 46% of all consumers in the U.S. — a projected 119 million patients — now engage with their healthcare providers via a combination of patient portals, telehealth appointments, apps and in-person visits.

“And the number of these so-called ‘omnichannel patients’ is growing monthly,” PYMNTS wrote earlier this year.