Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Websites offering treatment and support for people dealing with substance use disorders should try harder to protect patients’ data privacy.
After conducting a 16-month study on 12 notorious dipsomania mHealth websites, The Opioid Policy Institute (OPI) and Legal Action Center (LAC) claim that at least some of the patients` data was shared with third parties.
How Does Private Data Get to Be at Risk?
As most nowadays do, mHealth websites also use ad trackers for advertising purposes. Most of the sites that were analyzed in the study were using third-party session cookies which tracked identified users across other websites. Four of them even used session recording, which means that they were able to monitor on-site user behavior by means such as keystroke recording or plotting mouse movement patterns.
About half of the websites used Meta Pixel, so they sent that data to Facebook, while most of them used Google Analytics. Briefly, all 12 websites involved in the analysis sent at least some of the patients` data to ad tech companies.
#Wired: Telehealth Sites Put Addiction Patient Data at Risk $GOOG. Via: https://t.co/ZgA7Um3ijy https://t.co/r9gIJ54wmT
— Market Times™ (@markets_mt) November 17, 2022
Why Is Sharing Patient`s Data with Third Parties a Problem?
The problem is that, unlike other people that are being ad tracked on the internet, these individuals deal with a highly stigmatized medical condition. During their treatment, they share extremely sensitive information about their health condition and behavior. Cases of health data being hacked did happen recently.
According to the law, revealing any kind of personal information about a patient is usually regulated or forbidden. Maintaining privacy is even more important when it comes to treating addictions, because of the stigma involved. Leaking information about an addictive patient`s medical history could put his freedom, job, and family relationship at risk.
A law called 42 CFR Part 2, also known as “Part 2”, guarantees the confidentiality of treatment records and protects individuals from having their treatment history used against them. So, people who decide to reach out for help and use a mHealth site should be able to feel safe and only focus on their recovery. But now experts found out that these websites are not private enough, as they use various technologies that identify users, collect information about them, and also share all these with third parties.
Should Telehealth Sites Try Harder to Protect Their Clients` Data?
Dr. Jackie Seitz, one of the researchers involved in this study, appreciates the impact these online treatment methods have in saving people struggling to fight substance use disorders. However, she couldn`t stop wondering if the providers of this kind of service realize “all the different, leaky ways that the information they’re collecting about patients is sort of floating out.”
But the most important thing that telehealth companies should focus on is gaining and maintaining their users` trust. These people may have so much to lose if their data were to be exposed and used in an inappropriate or harmful manner, that they might even stop reaching for this kind of help. Guaranteeing health data safety and putting privacy protection first is what every mHealth website should work on these days.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
