A survey conducted for the California HealthCare Foundation found several lapses from policies pledging to guard personal information and e-mail addresses at 21 of the most popular medical Web sites.
include($DOCUMENT_ROOT."/templates/talkback_box.htm"); ?> "The privacy policies of health Web sites do not match up with their own practices," said Janlori Goldman of Georgetown University's Health Privacy Project, which conducted the survey with Internet security consultant Richard Smith.
For example, companies were sharing e-mail addresses and other information when they promised they would not.
Much of the information collected is linked only to a browser or e-mail address. But sites can attach data to names and addresses if users have provided them for registration or in response to health surveys, Smith said.
Many of the sites surveyed share information with advertisers and others without clearly telling visitors, the authors said.
For example, a person might seek information about a particular disease, such as AIDS or depression, thinking he or she was anonymous. But Web sites can track a visitor's movements in several ways, sometimes without telling them.
Click on ads tracked
Companies such as DoubleClick Inc. keep record of which banner advertisements a user clicks on. Seven of the health Web sites surveyed had relationships with DoubleClick (Nasdaq: DCLK), and three had arrangements to provide data to similar companies, the survey said.
"There's a very big problem with personal data being given to banner ad companies ... and it's happening all day long," Smith said, adding that "the value here is tremendous from a marketing standpoint."
Such data-collecting occurs throughout the Internet, but health-care sites ask for far more information than others, Smith said.
While the consequence of health data collection online may be nothing more than unwanted e-mail and advertisements, the study's authors said they worried that sensitive information could wind up in the hands of employers, insurance companies or family members.
"Once a profile can be developed on someone's sensitive personal health information, it can be used in other circumstances, and that makes people anxious," Goldman said.
Goldman said she hoped the findings would prompt health Web sites to strengthen privacy protections and alert consumers any time they were collecting information.
Industry executives are meeting in Washington, D.C. this week to discuss ethics for health Web sites, including how best to protect sensitive medical information.
While companies favor self-regulation, Internet privacy is a top concern of Congress, and some lawmakers believe the government should set minimum standards.