[ad_1]
He has Facebook. already taken. Receive patient information from hospital websites through the tracking device. Google Stores Our health-related internet searches. Mental health apps Leave the room To share information with third parties not listed in their privacy policy. Consumers have few protections under the Health Insurance Portability and Accountability Act (HIPAA) when it comes to digital data, and popular health apps share data with a wide array of advertisers, according to our research.
Most of the data shared does not directly identify us. For example, apps may share strings of numbers called “tags” associated with our phones instead of our names. Not all recipients of this data are in the advertising business – some provide analytics on how users move through their apps. And companies argue that sharing what pages they’ve visited on a page called “depression” isn’t the same as exposing sensitive health concerns.
But privacy experts say sending user accounts with keywords in the content we visit opens consumers up to unnecessary risk. Big data collectors, such as brokerages or advertising companies, can piece together a person’s behavior or concerns using multiple pieces of information or tags. That means “depression” can be one more data point that helps companies target or profile us.
To get a sense of the data sharing going on behind the scenes, The Washington Post enlisted the help of several privacy experts and companies, including researchers at DuckDuckGo, which makes a variety of online privacy tools. After their findings were shared with us, we independently verified their claims using a tool called mitmproxy, which allows us to view the contents of web traffic.
We learned that several popular Android health apps like Drugs.com Medication Guide, WebMD: Symptom Checker, and Period Calendar Period Tracker gave advertisers the information they needed to market to people or groups of consumers based on their health concerns.
The Drugs.com Android app, for example, sent data to more than 100 outside parties, including advertising companies, DuckDuckGo said. Terms in those communications included “herpes,” “HIV,” “Adderal” (a drug used to treat attention-deficit/hyperactivity disorder), “diabetes,” and “pregnancy.” These keywords come with device identifiers, which raises questions about privacy and targeting.
Drugs.com is not transmitting any data that is considered “confidential personal information” and the advertisements are related to the content of the page and not to the individual viewing that page. The Post reported that in one instance, Drugs.com appeared to send a user’s first and last name — a pseudonym DuckDuckGo used for testing — a company it said never intended for users to enter their name into a “profile.” Name” field and stops transmitting the contents of that field.
According to DuckDuckGo, among the words WebMD shared with user accounts from ad companies were “addiction” and “depression.” WebMD declined to comment.
According to our investigation, it shared scheduling information, including accounts, with dozens of outside companies, including advertisers. The developer did not respond to requests for comment.
What goes on inside the advertising agencies is often a mystery. But ad company ID5, which received information from WebMD, said its job is to generate user IDs that help apps make their ads “more valuable.”
“Our job is to identify customers, not who they are,” said Mathieu Roche, co-founder and CEO of ID5.
Jean-Christophe Peubé, CEO of the adtech company that has since acquired two other adtech firms and renamed it Equative, said data from Drugs.com can be used to put consumers into “categories of interest.”
In a statement to the Post, Pub said interest-based ad targeting is better for privacy than using technologies like cookies to target individuals. But some consumers may not want their health concerns used for advertising.
Knowing you by number or interest group instead of name doesn’t stop advertisers from targeting people with specific health conditions, said Pam Dixon, executive director of the World Privacy Forum, a nonprofit research group.
How we can protect our health information
We agree to the privacy policies of these applications by accepting their privacy policy. But Few of us have time. to the Running through legal entitiessays Andrew Crawford, senior adviser at the Center for Democracy and Technology.
“We quickly click and accept ‘agreed’ without thinking about the potential trade-offs of the down-siders,” he said.
Those transactions can take a few forms, such as our information ending up in the hands of data vendors, employers, insurers, real estate agents, credit providers or law enforcement, privacy experts say.
According to Lee Tien, senior staff attorney at the privacy firm Electronic Frontier Foundation, even small pieces of information can be combined to infer something big in our lives. Those tidbits are called proxy data, and ten years ago, they It helped identify the target. By looking at who bought the unscented lotion, which of the customers were pregnant.
“If you have enough information, identifying people is very, very easy,” Tien said. “Many times companies will tell you, ‘OK, that’s true, but no one has all the information.'” We don’t know how much information companies have.
Some lawmakers are trying to regulate the sharing of health information. California State Assemblywoman Rebecca Bauer-Kahan introduced a bill in February that would redefine “medical information” in the state’s medical privacy law to include information collected by mental health apps. Among other things, this prohibits the apps from exploiting “a consumer’s suspected or confirmed mental health or substance use disorder” outside of providing care.
The Center for Democracy and Technology, along with the industry group eHealth Initiative, has proposed a voluntary framework to help health apps protect data about their users. The definition of “health information” is not limited to services provided by professionals or lists of protected conditions, but includes any information that helps advertisers learn about or understand human health concerns. It also requires companies to publicly and publicly pledge not to link “anonymous” data to any person or device, and for their contractors to make the same pledge.
So what can you do? There are a few ways to limit the information health apps share, such as not linking the app to your Facebook or Google account during sign-in. If you’re using an iPhone, select “Ask the app not to track” when prompted. If you are on Android, reset your Android Ads ID again. Even if you use your phone’s privacy settings, tighten it up iPhone Or Android.
If apps ask for additional data sharing permissions, say no. If you are concerned about the data you have already provided, you can try entering a Data deletion request. Because of the state’s privacy laws, companies are not obligated to comply with the request unless you live in California, but some companies say they will delete information for anyone.
[ad_2]
Source link
