Privacy concerns of web tracking on healthcare websites
Huo, Mingjia
Loading…
Permalink
https://hdl.handle.net/2142/117825
Description
Title
Privacy concerns of web tracking on healthcare websites
Author(s)
Huo, Mingjia
Issue Date
2022-12-05
Director of Research (if dissertation) or Advisor (if thesis)
Levchenko, Kirill
Department of Study
Electrical & Computer Eng
Discipline
Electrical & Computer Engr
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Keyword(s)
Web Tracking
Web Privacy
Protected Health Information
Language
eng
Abstract
In the United States, Protected Health Information (PHI) is protected under the Health Insurance Portability and Accountability Act (HIPAA). This act limits the disclosure of PHI without the patient's consent or knowledge. However, as medical care becomes web-integrated, many providers have chosen to use third-party web trackers for measurement and marketing purposes, and ensuring PHI is not unintentionally or maliciously leaked becomes difficult. This paper investigates health information leakage in online medical records, focusing on 459 online patient portals and 4 telehealth websites. We find that 14 percent of patient portals had Google Analytics, which includes HTTP cookies that could be used to identify users. Besides, 5 portals and 4 telehealth websites contained JavaScript-based trackers that leaked PHI, including lab results, to third parties. We notified healthcare providers of the PHI breaches and found only 15.7 percent took action to correct leaks. After notifying Epic, the healthcare portal vendor of patient portals in our study, of the PHI leaks, we received a prompt response and observed extensive mitigation across providers.
Use this login method if you
don't
have an
@illinois.edu
email address.
(Oops, I do have one)
IDEALS migrated to a new platform on June 23, 2022. If you created
your account prior to this date, you will have to reset your password
using the forgot-password link below.
