By Jeff Wardon, Jr., Assistant Editor

Healthcare cybersecurity has been in the spotlight for some time now, and a relatively new security could compromise digital privacy: third-party tracking on hospital websites. Using this tactic, attackers could gain access to user information healthcare organizations share with third-party organizations. 

A recent JAMA Network study analyzed the privacy policies of hospital websites to understand the way they handle user information and third-party tracking. They looked at a sample of nonfederal, acute care hospitals to examine whether their websites used tracking technologies transferring data to third parties and if they had accessible privacy policies disclosing this.  

The study, from November 2023 to January 2024, assessed policy length, readability and content, focusing on details that include user information collected, potential uses, third-party recipients and user rights regarding tracking and information collection. 

Related: Tracking and Analytics Tool Compromised Patient Data

Key findings included: 

• 96 percent of hospital websites shared user information with third parties, 
• 71 percent of websites included a publicly accessible privacy policy, 
• Of 71 privacy policies, 40 — 56.3 percent — disclosed specific third-party companies receiving user information. 

A “substantial number of hospital websites did not present users with adequate information about the privacy implications of website use, either because they lacked a privacy policy or had a privacy policy that contained limited content about third-party recipients of user information,” according to the study. 

Jeff Wardon, Jr. Is the assistant editor for the facilities market.