This is just a guess, but I would assume the hospitals doing this are unaware. They probably just put Google Analytics and Meta’s SDK on their website, completely oblivious to the fact that that shit vacuums up everything on the page, including text box inputs.
this post was submitted on 11 Apr 2024
317 points (98.8% liked)
Technology
57472 readers
3674 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
The bad part is that even if you block everything on the client side with ad/tracker blocking extensions, there's nothing stopping them from collecting data on the server side.
That would be a violation of HIPAA.
I was referring to the website. This article goes in a lot more detail about how it works.
I'm pretty sure they are consulting lawyers to see how much data they can sell to third parties without breaking the law.
For non-medical data, sure. That’s not an uncommon form of data collection. It’s a complete violation of HIPAA to use something like that on medical databases.
Please explain. How can google, Facebook, and such get data out of a hospital web server directly? That would be hacking.
Typically trackers are implemented client side because it's more convenient. It's closer to the user, it can collect more data, and there is only one programming language it needs to support, Javascript.
But the disadvantage is that it can be blocked by the users. Data collection and user tracking can also be done on the server side. There are many analytics packages that support it, including Google Analytics. This is much easier to hide from the users. Here is an article I found on the topic.
It's not hacking because the website developers integrate it willingly.
I remember years ago my friends told me Ghostery did some shady business. Sadly it is difficult to find any useful information about this, between the lots of ads and pop ups (Where have all the blog posts gone ?), but here is something : https://en.wikipedia.org/wiki/Ghostery#Criticism
Doesn't this violate HIPAA, or does HIPAA not cover this?
HIPAA prevents providers from sharing your personal medical data. In this case, you are the one sharing the data by using a third-party portal. Best recommendation is to check-in in person, complete ER forms on paper, and avoid using third-party apps/websites for medical care. Provider-hosted secure portals are protected by HIPAA.
That’s a huge loophole.
Fuck this country. 😬
Write your representatives asking for privacy legislation. The EU’s GDPR is a great example.
Welcome to for-profit healthcare.
Reading this while in an urgent care lmao
Feel better.
Just a sprain :P I should get over it fast. Thank you though :)
I bet they made you use a website or app to check in. And that website wasn't created by the Urgent Care. So everything you entered isn't protected by HIPPA.
They did and probably 😔
I feel like this is ripe for abuse. I’m sure insurance companies purchase this data to screw their customers in some wicked way
I’m not a programmer so I could be wrong… Aren’t using the direct medical apps on your phone (Epic, FollowMyHealth, etc) safer than the web?
Or are they selling that data too?
At first, I found this funny. Then I realized how scary, sad, etc. the reality is.
Companies typically prefer users to use a native app for two reasons. First, the software is sometimes easier to build. Second, they are capable of scraping a vastly larger and more valuable set of data from the user.
Browsers can hit many differs sites, many of which are dangerous. Thus, web browsers have to be as secure as possible to protect users from malicious sites. This includes Facebook, TikTok, every medical site you’ve ever logged into, etc.
I know a lot about software. Personally, I view every installed app as a means of attacking my privacy. If you have the choice and your experience isn’t diminished, use a web browser instead of a native app.
Edit:
Something else to note. The larger companies are almost always much worse. Take a look at Facebook on the Apple Store: https://apps.apple.com/us/app/facebook/id284882215
Go down to App Privacy and View Details. It’s absolutely terrible how much data they collect. Unethical at a minimum. Now compare to Voyager for Lemmy: https://apps.apple.com/us/app/voyager-for-lemmy/id6451429762
“Data Not Collected”
That is definitely some scary shit, thank you. That also piggybacks onto another thought I had, my partner insists on google chrome for everything. (He is a pc and android user). I stay away from google anything and would think because he SAYS he cares about what’s collected, and he admits he isn’t a techie, but then doesn’t want to hear it from me when I say use something Mozilla based and ublock. But nothing is safe anymore. I do use voyager. :)
I ditched chrome (chromium + google propriety spyware) some years ago in favor of Brave browser (chromium + Brave stuff). It was a decent user experience but Brave also does some shady stuff, which you can google easily if interested.
Last year, google poisoned chromium with DRM stuff. They rolled back the changes after a few months but the damage was already done. I, and many others, jumped ship to Firefox and other non-chromium based browsers. Firefox isn’t perfect, but it’s an excellent browser. I’m sticking with it for the foreseeable future. And absolutely use uBlock Origin. Between that and proton VPN features, I don’t see ads anymore. It’s fantastic.
This is called "enumerating badness" and the findings here are both probably not that meaningful and based on a lot of assumptions.
I am curious to see what data is being transmitted, but not a lot is actually revealed by this
“Common data shared included IP addresses, browser info, pages visited, referring site.”
So enough to cross reference with a bazillion other data-brokers online and absolutely pinpoint most people.