Research: 99% of hospitals violate customer privacy by sharing data with large IT companies

According to a new study by the University of Pennsylvania and Carnegie Mellon University, 98.6% of healthcare websites use third-party tracking code that regularly transfers patient data to large IT companies. According to the researchers, this violates US privacy laws.

The experts used descriptive statistics and regression analysis to check the transfer of patient data to third parties. As a result, they found trackers in healthcare systems, hospitals, and other medical facilities.

The researchers examined all US hospitals (6,162 sites), including 3,747 non-governmental emergency rooms. Almost all sites had at least one data transfer, and 94.3% had at least one third-party cookie.

The main «recipient» of the data was Alphabet, the parent company of Google. Representatives of Alphabet received data from 98.5% of sites. Meta is the second most common recipient with 55.6% of all data. It is noteworthy that 69% of hospital websites also transferred data to third-party domains whose company cannot be identified.

Experts noted that the largest amount of data was transmitted by public hospitals, hospitals with teaching departments, and urban medical centers. Moreover, the researchers found a large number of organizations transferring data to third parties as part of their «business models based on tracking people’s online activities to target online advertising.»