Simplified Privacy

Big Tech Abuses Medical Privacy

In the US, your medical records are protected by HIPAA but your internet medical browsing history on websites like WebMD is NOT.  That is the kind of data that is being sold in ways that may hurt or embarrass you.

If you have any kind of medical problem, even a small one, then you absolutely need to learn privacy. Medical data is among the highest-priced data that is collected, sold, and put into databases by a huge number of websites. When you research your condition, medical information websites like WebMD will collect and sell your personal browser fingerprint.

The sources for this article can be found here.

Fingerprinting your medical traffic

In our article on browser fingerprinting, we discussed how your PC clock’s time zone, IP address, screen dimensions, operating system version, and more all go into your browsing fingerprint. Combined with cookies, these can easily identify you, especially if you were or are signed in to accounts associated with your real name while you browse medical websites.

Your medical browsing history is put into databases.  Access to this database is sold to all types of companies, from potential employers to banks deciding whether to give you a personal loan and even to governments trying to track you.

Employers View Medical Data

Medical data isn’t sought out by just insurance companies, but also by employers. Employers love this information as a way of screening potential employees to see who might call out sick or take leave. In theory, employers need your written permission to access your medical history, but that’s only if the source of the information is the official healthcare records from the provider. [1] There is a huge amount of medical data sold by data brokers, who get it from phone apps, software, social media scraping, and how you navigate online ads. Even doctors’ websites themselves can leak it to tech firms. [2] [4a] [4b] [6]

To quote The Verge, covering a study from The Markup that later saw congressional overview:

“The Markup found that 33 of the top 100 hospitals in the United States were using a tracker called the Meta Pixel on their websites. Installing the Meta Pixel gives groups access to analytics about Facebook and Instagram ads but also tracks how people are using their websites: the buttons they click, the information they put in forms, and so on.” [4a] [4b]

This study found that in some cases patients’ conditions, medications, and appointment times were sent to Facebook along with identifying information like an IP address or a Facebook login cookie. [4a] These Meta cookies and trackers were built into the sign-up forms or the hospital websites themselves, so elderly patients with severe medical conditions such as Alzheimer’s would need advanced cybersecurity knowledge to avoid having their data leaked.
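As an added example (not from the original article or The Markup's study), here is one way a hospital web team could check its own pages for the Meta Pixel next to patient form fields. The marker list, the `audit` function, and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Meta Pixel markers: loader script host and image-beacon endpoint.
TRACKER_MARKERS = ("connect.facebook.net", "facebook.com/tr")

class TrackerAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.first_party = urlparse(page_url).hostname
        self.third_party_hosts, self.trackers = set(), set()
        self.form_fields, self._in_script = [], False
    def _check(self, text):
        self.trackers.update(m for m in TRACKER_MARKERS if m in text)
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag in ("script", "img", "iframe") and src:
            host = urlparse(src).hostname
            # Exact-host comparison: sibling subdomains count as third party.
            if host and host != self.first_party:
                self.third_party_hosts.add(host)
            self._check(src)
        if tag == "script":
            self._in_script = True
        elif tag in ("input", "select", "textarea") and attrs.get("name"):
            self.form_fields.append(attrs["name"])
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        # The pixel is usually injected by an inline loader, so src alone misses it.
        if self._in_script:
            self._check(data)

def audit(page_url, html):
    p = TrackerAudit(page_url)
    p.feed(html)
    p.close()
    return {"trackers": sorted(p.trackers),
            "third_party_hosts": sorted(p.third_party_hosts),
            # Fields a page-level tracker script is positioned to read.
            "exposed_fields": p.form_fields if p.trackers else []}

# Constructed sample: hypothetical appointment form, placeholder pixel ID.
SAMPLE = """<script>(function(){/* loader body omitted */})('https://connect.facebook.net/en_US/fbevents.js');
fbq('init','0000000000');fbq('track','PageView');</script>
<noscript><img src="https://www.facebook.com/tr?id=0000000000&amp;ev=PageView"></noscript>
<form><input name="patient_name"><input name="condition"><select name="appointment_time"></select></form>"""
```

Calling `audit("https://portal.hospital.example/appointments", SAMPLE)` reports the pixel markers it found and the form fields that share a page with them. A static scan like this only sees markup that is present in the HTML, so trackers injected later by a tag manager need a browser-based check.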

Data doesn’t stay with Facebook, but is shared with many other technology firms. According to an article from Silicon Republic, Facebook’s own internal documents disclose that it illegally shared user data with dozens of other tech firms long after it had told Congress it would discontinue the practice. [3]

In fact, according to Facebook’s own engineers in documents leaked to Vice News in 2021, data spreads so much through Facebook that it’s not even possible to track it for compliance purposes. The Facebook engineer said: “We do not have an adequate level of control and explainability over how our systems use data.” [5] So not only does Facebook violate the law, but compliance would not even be possible. Quote: “We can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do” [5]

Your dating partners will see it

Google will get this medical search history and then display ads when you’re watching YouTube videos with friends or dates. Now whoever you watch content with will learn your medical problems at the start of the videos. It’s well-known in dating that people will discriminate against those with medical conditions out of fear of passing them on genetically and of the associated financial burden.

In our previous article, we covered how Google abusively sells your data through a cookie to evade European Union regulations and how third parties can effortlessly tap into their spyware ad system to collect data about you.  When your romantic date borrows your phone or laptop to look something up, Google ads will be happy to display related medical advertisements and suggestions.

Google does not respect the law regarding medical records. For example, in 2017 in the United Kingdom, Google was fined for illegally using 1.6 million British hospital patients’ records for its DeepMind AI project.

The DeepMind project was not an isolated incident of HIPAA violations. To quote the New York Post and the non-profit Consumer Watchdog group: “Google has signed a multiyear deal with HCA, an American for-profit operator of medical facilities with 2,000 health-care sites across 21 different states. The agreement will give Google access to millions more patient records — enabling its advertisers to specifically target even victims of sexual abuse as well as those struggling with severe eating disorders.” [6]

Affects your finances and travel

This medical history, combined with your browser fingerprint, also makes you stand out even more, which makes it easier to track you over some unrelated thing on a different website, like your cryptocurrency trades.

Now in the United States, there currently are laws that prohibit insurance companies from denying you medical insurance coverage if you have a pre-existing condition.  But if you want to leave the US because the political situation has become so unbearable, then you’re going to need an Expat health insurance plan.  These plans do real medical underwriting.

To say you don’t care about medical privacy is essentially saying you will never travel.  Forever you will be trapped with whatever some overreaching politicians decide.

How to Stop it

You can mitigate all of this with some simple knowledge about how to use VPNs, virtual machines, and/or Linux. Simplified Privacy offers custom guided Linux, VPN, and virtual machine setups and technical support. In your personal consultation, we’ll guide you, through your choice of audio, video, or live text chat, on how to set up or customize these tools to meet your privacy needs. Don’t make mistakes that slow down your internet or computer with a bad setup. Your consultation would be end-to-end encrypted on easy-to-use apps like Signal or Session, in exchange for anonymous cryptocurrency.
