How Analytics Tools, Third-Party Tracking Tech Pose Threats to Patient Privacy

June 12, 2023 - The transfer of sensitive data to non-HIPAA-covered entities may result in compliance complexities, data breaches, lawsuits, and threats to patient privacy. Following multiple high-profile healthcare data breaches and lawsuits against hospitals and tech companies like Meta over the use of this tech, researchers took interest in exploring the trend, later publishing a study in Health Affairs.

Listen to the full podcast to hear more details. And don’t forget to subscribe on iTunes, Spotify, or Google Podcasts.

“Prior to our study, there had been some investigative reporting looking at the use of tracking technologies on small groups of hospitals' websites,” explained Matthew McCoy, assistant professor of medical ethics and health policy at the University of Pennsylvania, and one of the study’s authors, in a recent episode of Healthcare Strategies.

“And we thought that given our experience in infrastructure, we could add some value to this debate by looking at this phenomenon across the entire hospital ecosystem.”

McCoy, along with UPenn assistant professor of emergency medicine Ari B. Friedman and their colleagues, set out to research just how widespread the use of tracking tech really was on hospital websites.

The researchers found third-party tracking technologies present on 98.6 percent of all nonfederal acute care hospital websites in the United States.

“Healthcare organizations are in a little bit of a bind right now,” said Friedman, describing the challenges of balancing functionality with privacy and security. Hospitals are likely implementing analytics tools with the intention of improving functionality, not intentionally transmitting patient data to tech companies, Friedman suggested.

“Web tracking is a pretty ubiquitous phenomenon on the internet,” McCoy added. “So, I don't think we were surprised to find some tracking on these websites, but I think we were a little bit surprised that there was as much tracking as there is because people who are working in hospital administration understand the importance of patient privacy, both ethically and legally.”

Still, little is known about how third parties actually leverage tracking data, the study noted. But research suggests that third parties may be targeting patients with advertisements for pharmaceuticals, insurance products, and medical supplements.

Despite these challenges, McCoy and Friedman both expressed hope that hospitals would take action to curb the use of tracking tech or at least reassess the role that these tools play on their sites.

“There is the prospect of potentially seeing civil monetary penalties for HIPAA violations on top of the bad press and class action lawsuits, McCoy stated.

“That's a pretty weighty combination of factors for hospitals to really reconsider whether or not the value that they're getting out of these trackers justifies maintaining them in the face of all this pressure.”