The study, published April 11 in JAMA Network Open, analyzed privacy policies on 100 nonfederal acute care hospitals between November 2023 and January 2024.
It found that 96% of hospital websites transmit user information to third parties, but only 71% included a publicly accessible privacy policy. Of those policies, 56.3% disclosed specific third-party companies received user information.
“A substantial number of hospital websites did not present users with adequate information about the privacy implications of website use, either because they lacked a privacy policy or had a privacy policy that contained limited content about third-party recipients of user information,” the study authors wrote.
