A joint investigation by STAT News and The Markup looked at 50 direct-to-consumer telehealth companies and found that they were leaking sensitive medical information to the world’s largest advertising platforms.
Of the 50 virtual care companies analyzed, 49 sent URLs users visited on the site and their IP addresses, and 35 shared users’ personal information, such as full name, email, and phones, with tech giants.
Trackers on 25 sites shared with at least one platform that the user had added an item to their cart or checked out with a subscription for a treatment plan.
On 13 websites, researchers found at least one tracker that collected patients’ answers to medical intake questions.
The research found that Google tracked 47 analyzed sites, Facebook tracked 44 sites, and Bling — 27 sites. Other tech companies tracking sensitive information were TikTok, Snapchat, Pinterest, Linkedin, and Twitter.
Researchers, however, could not independently confirm how and whether tech companies used the sensitive data they collected.
Health privacy experts say that sharing such sensitive medical information threatens patient privacy, STAT News reports. Moreover, they note that privacy regulations like the Health Insurance Portability and Accountability Act (HIPAA) were not built for telehealth, leaving “ethical and moral gray areas.”