Healthcare cybersecurity has been in the spotlight for some time now, and a relatively new security could compromise digital privacy: third-party tracking on hospital websites. Using this tactic, attackers could gain access to user information healthcare organizations share with third-party organizations.
A recent JAMA Network study analyzed the privacy policies of hospital websites to understand the way they handle user information and third-party tracking. They looked at a sample of nonfederal, acute care hospitals to examine whether their websites used tracking technologies transferring data to third parties and if they had accessible privacy policies disclosing this.
The study, from November 2023 to January 2024, assessed policy length, readability and content, focusing on details that include user information collected, potential uses, third-party recipients and user rights regarding tracking and information collection.
Related: Tracking and Analytics Tool Compromised Patient Data
Key findings included:
- 96 percent of hospital websites shared user information with third parties,
- 71 percent of websites included a publicly accessible privacy policy,
- Of 71 privacy policies, 40 — 56.3 percent — disclosed specific third-party companies receiving user information.
A “substantial number of hospital websites did not present users with adequate information about the privacy implications of website use, either because they lacked a privacy policy or had a privacy policy that contained limited content about third-party recipients of user information,” according to the study.
Jeff Wardon, Jr. Is the assistant editor for the facilities market.
The Double-Edged Sword of AI in Healthcare Cybersecurity
Third-Party Vendors and Networks Pose Risks for Healthcare Cybersecurity
Community Health Network and Lifepoint Behavioral Health Form Joint Venture
PAM Health Reveals Plans to Build 42-bed Rehab Hospital in Florida
When Product Labels and Regulatory Guidelines Clash