Ninety-six percent of non-federal acute care hospitals' websites share user data with third-parties, an April 11 study published in JAMA Network Open found.
Hospital websites often use tracking technologies that can capture user information and transmit it to third parties such as Google or Snapchat.
According to HHS, HIPAA-regulated entities are not allowed to use tracking technologies in a way that would share private health information with companies that provide these kinds of technologies.
In this study, conducted by researchers at Philadelphia-based University of Pennsylvania, 100 non-federal acute care hospitals' websites were analyzed between November 2023 and January 2024 to assess if they have easy-to-find privacy policies and if those policies tell users about third-party tracking.
The researchers found that 96% of hospital websites shared user data with third-parties, but only 71% had a privacy policy. Among those with such a policy, 56% shared the third-party companies with which they share information.