| Everything for People Concerned About
Smoking & Nonsmokers' Rights FIRST on the Internet for Smoking News and Documents |
|||||||
| . | |||||||
 |
Action on Smoking and Health
A National Legal-Action Antismoking Organization Entirely Supported by Tax-Deductible Contributions
|
||||||
*
UPDATED BELOW: New Handout on Medical/Health Web Site Credibility
ASH's web page is different. Although it provides you with many thousands of pages of information about smoking and health and other related matters, it DOESN'T ask you for information to use the site AND it DOESN'T use any computer "cookies."
Also remember that ASH, unlike
many other medical site, is an .org and NOT a .com.
This means:
xyz.com
= a COMmercial
web site, primarily designed and maintained to make
money
abc.org
= a nonprofit
ORGanization,
primarily designed and maintained to serve
the public
Excerpts from: Medical Web Sites Faulted on Privacy
by John Schwartz, Washington Post [02/01/00]
Medical Web sites say they protect the privacy of visitors, but they often share the information they collect with other companies, a new study has found.
That means that a visitor seeking information on, say, erectile dysfunction might unknowingly be alerting online marketers to his condition. And while Bob Dole might feel comfortable talking about such things on national television, most consumers would not.
"We found that almost across the board, the privacy practices did not match the policies," said Janlori Goldman of the Health Privacy Project at Georgetown University, who conducted the research that went into the report.
The 21 leading health sites reviewed for the report appear to understand the depth of consumer concerns about privacy, Goldman said, noting that the sites sport privacy policies prominently. Goldman said, however, that the companies are not following through on those privacy pledges and so "they're giving people a false sense of confidence and a false sense of trust."
Consumers are turning to the Internet for medical information in record numbers, but a survey released just last week shows that medical privacy online remains a strong concern.
The report, an advance copy of which was provided to The Washington Post, compared consumer health care sites on the Internet to gawky adolescents--with plenty of abilities but little self-control: "They have not matured enough to guarantee the quality of the information, protect consumers from product fraud or inappropriate prescribing, or guarantee the privacy of individuals' information."
The report found that increasingly common mechanisms known as "cookies" (bits of code placed on the user's computer that help a site identify him on return visits), banner advertisements and other technologies for gathering information on visitors make Web surfing a very public experience--even when the user believes he is acting anonymously.
Some of the information from cookies and banner advertisements is collected without informing the visitor that it is happening. A number of Web sites even gathered data that can be used to personally identify visitors and passed it along to third parties "in direct violation of stated privacy policies," the group found.
Of particular concern were relationships with firms such as DoubleClick Inc., which collects information through online "banner ads" and has gathered more than 100 million files on visitors. Eight of the 21 sites reviewed had business relationships with DoubleClick; three more had similar deals with other firms.
By analyzing the underlying code in health-care Web sites, Smith said, he found that the information gathered in a survey or health self-evaluations was being transferred to another site without telling the consumer.
DoubleClick, for example, sends information about which pages the visitor views back to the firm. But that seemingly innocuous Internet address contains a wealth of information--for instance, on the Drkoop.com site, the addresses of the pages contain keywords describing whether the surfer has been to a page about diabetes or other diseases. "None of the sites examined that use ad networks disclosed whether they are doing profiling," the report said. "Nor did they explain what is happening with the data being collected by the ad networks."
Excerpts from: New AT&T product to help protect privacy on the Internet
By: Rick Edvalson The Idaho Business Review [04/14/03]
Imagine the difficulties if insurance companies could find out what medical websites you were visiting, or if companies started sending you unsolicited email on products related to that disease.
You may prefer to avoid websites that do not permit you to review the information they have collected about you, and you may steer clear of those that refuse to remove your name from marketing or mailing lists -- if you knew!
To address these and similar concerns, the World Wide Web Consortium (W3C) -- a quasi-official body that creates standards for commerce on the Web and has a penchant for alliteration and cute acronyms -- has created the Platform for Privacy Preferences Project (P3P).
If a website is P3P-compliant, it will summarize its privacy policies in a way that can be quickly read and interpreted by P3P-compliant web browsers. The browser can, in turn, compare the policies of the website to those of the individual user and alert him or her to any discrepancies.
The P3P initiative is one that I personally strongly endorse. As use of the Web becomes more ubiquitous, and as information-gathering techniques become more sophisticated, I want websites to put their privacy policies where I can find them, understand them, and act on them.
Some websites are already P3P-enabled, but many are not, and most of us cannot tell which is which. As a result, we have no easy way of identifying the websites that do not conform to our own standards of personal privacy. We certainly cannot tell by how they smell.
This is where AT&T's Privacy Bird is helpful. Privacy Bird is free software that allows you to specify your privacy standards and tells you whether any given website conforms or not. The software can be downloaded from www.privacybird.com .
Once installed, a small bird icon appears at the top of your browser window. As you visit websites, the bird appears green if the site has a policy that matches your expectations. It will appear yellow if it cannot tell, and it will appear red if the website does not agree to handle your personal information as you expect it to. I have been surprised at the big-name websites that get the red bird because they don't conform to what I consider basic standards of personal privacy.
If you click on the bird, and select About This Site, Privacy Bird will tell you what about the site's privacy policy is a problem for you. It even provides a link through which you can express your concerns to the site owners.
As personal privacy on the Internet becomes an ever greater concern, the P3P initiative is a good step forward. And until P3P-enabled browsers are widely available, AT&T's Privacy Bird is a helpful way of finding out who respects your privacy and who doesn't.
Billions of bits of personal and health information zip around the Internet universe as you read this. Our hospitals, health plans, and other healthcare organizations are keen on using the Internet to inform, educate, deliver care, and market services.
We've encouraged health consumers to use the Web to pre-register for surgical procedures, get advice from physicians and nurses, and schedule appointments. They submit their daily blood glucose levels, check on the results of their lab tests, and search for detailed health information on every medical ailment and disease from A to Z.
Consumers provide an unprecedented amount of closely guarded information to hospitals and health organizations. We expect them to trust that their privacy will be maintained. But will it?
The Pew Internet & American Life Project found in its August 2000 survey on Trust and Privacy Online that 89% of those who seek health information online are concerned that a health-related Web site might sell or give away information about what they did online.
The real question to ask yourself is this: Is the privacy threat real, or imagined? If you're leaning toward the latter, then here's a simple exercise that just might change your opinion.
You probably think you know all about cookies -- I thought I did before I discovered this nasty little secret that I'm going to share with you now. You see, even the most basic information gathered from "cookies" can be pooled and used to create a profile of your activity across various Web sites.
The secret here is that it's possible for a third party to follow your activities on different Web sites. They can gather, store, and record your personal data, and possibly even distribute it to other companies! Just think of the ramifications of this threat to health information privacy.
For an eye-opening demonstration of how a mythical banner advertising company can use cookies to invade your privacy, check out the cookie demo at: http://www.privacy.net/track
Sure, it's just a simple example of consumer profiling. But it illustrates the need to be completely aware of the information gathering and use practices of any third parties, such as banner ad companies, that operate on your Web site.
Excerpts from: Helping patients use the Web wiselyIncreasingly, patients are relying on the Internet to research health-related questions. As you undoubtedly know, however, not all Web resources are created equal. And because such a wide range of information is available—some of it anonymous and much of it of dubious value—patients need to learn how to evaluate what they find.
The patient handout is from the Web site of the Cancer Information Service,
the National Cancer Institute's information and education division. In addition to advising patients to be skeptical about sites that are poorly documented, vague, out of date, or that don't clearly identify the authors and their credentials, the handout recommends that patients discuss their Internet findings with you.
It also stresses another caveat: Any Web site that asks users for personal information should explain what the site's managers will and won't do with that information.
Other Links:
HON Code of Conduct (HONcode) for medical and health Web sites
Internet Healthcare Coalition
International Code of Ethics
| Home Web Page | Search This Site | Learn About ASH | Why Join ASH | Comment on This | Email This Page |