Previously submitted to: Journal of Medical Internet Research (no longer under consideration since Aug 12, 2024)
Date Submitted: Mar 15, 2024
Open Peer Review Period: Mar 15, 2024 - May 10, 2024
(closed for review but you can still tweet)
NOTE: This is an unreviewed Preprint
Warning: This is a unreviewed preprint (What is a preprint?). Readers are warned that the document has not been peer-reviewed by expert/patient reviewers or an academic editor, may contain misleading claims, and is likely to undergo changes before final publication, if accepted, or may have been rejected/withdrawn (a note "no longer under consideration" will appear above).
Peer-review me: Readers with interest and expertise are encouraged to sign up as peer-reviewer, if the paper is within an open peer-review period (in this case, a "Peer-Review Me" button to sign up as reviewer is displayed above). All preprints currently open for review are listed here. Outside of the formal open peer-review period we encourage you to tweet about the preprint.
Citation: Please cite this preprint only for review purposes or for grant applications and CVs (if you are the author).
Final version: If our system detects a final peer-reviewed "version of record" (VoR) published in any journal, a link to that VoR will appear below. Readers are then encourage to cite the VoR instead of this preprint.
Settings: If you are the author, you can login and change the preprint display settings, but the preprint URL/DOI is supposed to be stable and citable, so it should not be removed once posted.
Submit: To post your own preprint, simply submit to any JMIR journal, and choose the appropriate settings to expose your submitted version as preprint.
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
Banned Tracking Technology Use Among Medical Device, Pharmacy, and Hospital Webforms: A Cross-Sectional Study
ABSTRACT
Background:
Tracking technologies are frequently employed to gather and examine data regarding user interactions with websites or mobile applications of regulated health-related entities. These technologies then illegally share user data with third parties that use it to target ads to patients across social media platforms. This collection and sharing constitutes a data leak of massive proportions. Specifically, some pharmacies, medical device companies, and hospitals utilize banned tracking or surveillance technologies on their websites in a way that exposes patients’ prescriptions, medical device information, doctor appointments and contact details to third parties.
Objective:
This study aimed to assess the use of prohibited tracking technologies on unauthenticated URL’s within three types of entities: pharmacies, medical companies, and health systems.
Methods:
We identified the largest-by-revenue medical device companies, pharmacies, and hospitals in the United States, using a scanning tool we developed based on existing open source software to detect the presence or absence of five banned tracking technologies on a sample of them.
Results:
In total, we included 341 URLs associated with three different types of HIPAA covered entities in our scan sample. Medical device company (n= 147) webpages comprised 43.1% of our overall sample. Pharmacy webpages (n=96) comprised 28.2% of our sample, and hospitals/health system URLs (n=98) comprised 28.7% of our sample. 63.9% of the medical device company URLs scanned contained at least one banned surveillance technology. 59.2% of pharmacy URLs scanned had at least one banned surveillance technology installed. 59.8% out of hospital URLs scanned contained at least one banned surveillance tracker. The most common tracker found on medical device company sample was Google Audience (39.5%), followed closely by Facebook Pixel (36.1%) There were a number of device companies, pharmacies, and hospitals scanned that had none of the banned trackers. n=53 URLs or 36.1% did not have any banned trackers identified. 40.8% (44) of pharmacies did not have any trackers. 67.0% of hospital URLs scanned did not have any trackers identified.
Conclusions:
This study demonstrates the presence of health trackers on many health-related sites despite the laws that prohibit them, and further examines the ways PHI may be shared with social media platforms or third parties via unauthenticated landing pages. Future studies are needed to assess the impact of leaking sensitive data belonging to millions of patients to third party vendors. Clinical Trial: n/a
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.