An absolute firework show of a joint report between STAT and The Markup cast a spotlight on telehealth companies sharing sensitive patient information with advertisers, and it definitely wasn’t a good look for some of the biggest names in the space.
Over the past few months, STAT and The Markup created accounts and completed onboarding forms on 50 telehealth sites (most major players, notably excluding Teladoc/BetterHelp), then tracked what data was being shared with advertisers such as Google, Facebook, and TikTok.
Of the 50 telehealth websites analyzed, advertisers received information from:
- URLs users visited – 49 sites
- Personal info (name, email, phone) – 35 sites
- When user initiated checkout – 19 sites
- User’s answers to questionnaires – 13 sites
- When user added to cart – 11 sites
- When user created an account – 9 sites
Yikes. One of the stats that stands out the most is the fact that 13 of the websites shared patients’ answers to medical intake questions, such as their migraine frequency or substance use history. All but one of the sites shared the URLs that users visited – gold star for Amazon Clinic – but most of the websites shared information with multiple advertisers.
Here’s how many of the sites shared data with each advertiser:
- Google – 47 sites
- Facebook – 44 sites
- TikTok – 23 sites
- Snapchat – 15 sites
- LinkedIn – 9 sites
- Twitter – 7 sites
You can find the full list of telehealth platforms and the information they shared roughly a third of the way down the report, and the authors were even kind enough to provide a cringe worthy round up of each company’s response.
Telehealth companies often act as middlemen between the patients and providers covered under HIPAA, rather than delivering care themselves, which results in limited protections for the sensitive information they collect.
Most patients probably assume that their health data is always protected, and many of them turn to online solutions for more privacy in the first place. The end of STAT and The Markup’s report included thousands of words from privacy experts and regulators, nearly all of them agreeing that protections like HIPAA need to be reformed for the telehealth era.
Only protecting sensitive information in certain settings is clearly starting to feel out of step with the times, especially when advertisers have the answers to your health intake forms.