Think your medical searches are safe and anonymous? Think again. An upcoming article in the March issue of Communication of the ACM shows how easily your late-night, “anonymous” searches on WebMD can be connected to your real name – and that data can be used to discriminate against you.
Search profiles are built by algorithms from multiple parties on the internet (marketers, criminals, search engines, social media sites) based on searches made on other sites like WebMD or CDC.gov. Leave your profile open on Facebook and go search on Zappos for a new pair shoes. Soon you’ll see those same shoes advertise on the sidebar of your Facebook profile.
This type of marketing can be great for scoring a deal, but as the article points out, it can easily be used to discriminate against customers who may be facing medical expenses like HIV or cancer treatments.
University of Pennsylvania doctoral student Timothy Libert, author of the article, created a software tool to investigate the http requests initiated to third party advertisers and data brokers. He found that 91 percent of the health-related websites studied sent such requests, and that 70 percent of those searches included information like specific symptoms, treatments, or diseases. Most of this information goes to a small group of advertisers, the largest being Google, which collects user information from 78 percent of the web pages, while Facebook collected 31 percent.
Libert said this was cause for alarm considering how much personal data is also collected by sites like Google and Facebook, where people have profiles that reveal public information like names, email accounts, friends, and even financial data.
“Advertisers promise their methods are wholly anonymous and therefore benign,” Libert wrote. “Yet identification is not always required for discriminatory behavior to occur. Personal health information…has suddenly become the property of private corporations who may sell it to the highest bidder or accidentally misuse it to discriminate against the ill.”
Even going “incognito” won’t prevent these third-party requests from being made, Libert told Time, meaning your searches from private browsers are still being mined for data. For now, these sites have no obligation under current HIPAA laws to keep your searches private, so it may be best to install browser extensions like Ghostery or Adblock Plus, or you know, go offline for your medical inquiries.