Advertisement
YOU ARE HERE: LAT HomeCollectionsWeb Sites

Sometimes, the Web Site Is Watching You Right Back

Privacy: The co-author of a report calling for greater protections for Internet users says health dot-coms must do more.

February 07, 2000|JANE E. ALLEN | TIMES HEALTH WRITER

As consumers become better informed about their own health, they're turning increasingly to the Internet as a trusted source of information.

But while many popular health Web sites promise confidentiality as they offer diagnoses, sell products or conduct detailed health surveys, a check of 21 leading sites found that some third parties, such as online marketers, are casting an invisible eye on visitors' cyberspace travels. Visitors to these sites unknowingly help the companies compile personal profiles.

Janlori Goldman, director of the Health Privacy Project at Georgetown University in Washington, D.C., warns that without better privacy protections, employers, health insurers and others could one day obtain very personal information without your consent.

The California HealthCare Foundation, an Oakland-based health-care philanthropy, last week released "Privacy: Report on the Privacy Policies and Practices of Health Web Sites," written by Goldman and Richard M. Smith, an Internet security consultant in Brookline, Mass. Goldman discussed concerns about privacy policies in an interview.

Question: We know personal health information is sensitive. What did you learn in your research about Internet privacy policies?

Answer: While many health Web sites have privacy policies, those policies don't match up with the sites' actual practices. In many cases, sites do not tell users how their information is collected, by whom and how it may be used.

***

Q: Your report refers to the peril of third-party companies tracking users' Internet activities for marketing purposes. Can you explain that?

A: Right now, the Web allows for many different entities to sit on one site. For instance, the advertisements that appear at the top of many sites, known as banner ads, are placed there by companies that collect information about what users are looking at and what they're doing on a site without the user ever having to actually click on [the ad]. [The information collected] may not [identify an individual], but it may become identifiable if the user voluntarily gives information. When you register at a site, buy a product or fill out a health survey, you're voluntarily giving information. The people who run the banner ads can look back at all the aggregate information they have on you [from other sites you've visited]. Their goal is to try to combine [all that information]. Users are not being told this is happening.

***

Q: On Thursday, the Internet's largest advertising company, DoubleClick Inc., responded to criticism from privacy advocates by saying that it doesn't monitor the movements of health Web site visitors. Are you still concerned?

A: I don't think it's enough for the public to be verbally assured by DoubleClick that it is not going to do anything with health information. We need written, enforceable privacy policies at health Web sites that give people assurance that their personal information will not be used or disclosed without their knowledge and permission.

***

Q: The technology seems to be confusing even some of the companies offering online health information and services. How much of the privacy gap is due to a lack of information within the industry?

A: I think that while the technology is complex and the Web is a different place than your traditional offline health care environment, that's no excuse. If you want to move health-care activities to the Internet, you have to put privacy first. You cannot put people at risk and say, "We did not understand how the technology works."

***

Q: Do you foresee threats to privacy in employment and health insurance?

A: We have been looking at medical privacy for many years, and we know that employers, insurers, co-workers, neighbors and family members all have gotten access to information they didn't need to have. We know there are tremendous pressures to make health information available and use it for a variety of purposes. We know it makes people anxious and worried about how they seek health care. [Another recent survey by the California HealthCare Foundation] showed people are very anxious about using the Internet for health information, for buying prescriptions, for every activity you can imagine. Eighty percent said they'd be more willing to engage in online activities if there was a privacy policy that gave them real control over their information.

***

Q: What kind of policy are you asking companies for?

A: First, they should evaluate their existing privacy policy and make sure it's consistent with their actual practices. Second, they should allow people to be as anonymous as possible at health Web sites. And third, we're asking the Internet health community to come together and develop some kind of standard, clear, enforceable privacy policy so that people don't have to wonder, "What does this privacy policy mean and is it different from this other Web site's?" and "Who does it bind?"

Advertisement
Los Angeles Times Articles
|
|
|