It is common practice for patients, myself included, to disclose a lot of personal information about our medical situation to digital medical companies on social media platforms like Facebook and Twitter. We disclose information about our treatments, scans, side effects, etc. When we do this, we need to know that this information is tracked and used to generate ads that specifically address our health interests.
We share our health data when they sign up for and use medical apps and websites or share details about our health issues with others on social media. Digital medicine companies and social media platforms track this information and use it to develop targeted ads aimed at both other individuals with specific medical problems and us. They also use this information to generate leads for future marketing purposes.
HIPAA rules bar "covered entities" such as medical practices and hospitals from disclosing our protected health information without first receiving our consent. But for data generated outside the covered entities, there aren't any HIPA protections. Without HIPA protection, we are primarily on our own concerning understanding how companies utilize our personal and health data when we are on social media.
The Light Collective, an advocacy group, based in Eugene, Oregon, along with Andrea Downing and Eric Perakslis, Ph.D., Chief Science and Digital Officer at the Duke Clinical Research Institute in Durham, North Carolina, explored this issue in a study of health-advertising tactics of 5 digital medicine companies, with a focus on five clinical services. They recruited ten patient advocates in the hereditary cancer community and asked them to share data on how their online activities were tracked.
The participants downloaded and shared their JavaScript Object Notation (JSON) files, which reveal how data are transferred between web servers and web apps. To target advertising, the investigators used these files to determine how information flows from health-related websites and apps to Facebook.
The researchers then reviewed the company's websites for third-party ad trackers. They looked at the use of the trackers to determine if they were being used in compliance with the company's privacy policies.
They also looked at Facebook's ad library for each research participant to evaluate whether the health data being mined influenced the types of ads targeted to the participants.
According to Downing and Perakslis, "We demonstrated that personal data and personal health data can be easily obtained without the aid of highly sophisticated cyberattack techniques but with rather commonplace third-party advertising tools," the authors wrote in a paper published in the journal Patterns.
There is nothing wrong with disclosing personal information on social media as long as you always remember that once it is out there, it is available to anyone, including potential advertisers who will use it to target you.