Consumers are increasingly worried about the loss of their privacy, and have heightened concerns when it comes to their health information. They worry that their health information may be used or disclosed inappropriately and leave them vulnerable to unwanted exposure, stigma, discrimination and serious economic losses. They fear that their personal information will be used to deny them health insurance, employment, credit and housing. As a result, consumers sometimes take drastic steps to keep their health information private. According to a 1999 survey, almost one out of six U.S. adults have taken extraordinary steps to maintain the privacy of their medical information.7
They withhold information from their doctors, provide inaccurate or incomplete information, doctor-hop to avoid a consolidated medical record, pay out-of-pocket for care that is covered by their insurance, and even avoid care altogether.8
Consumers engage in privacy-protective behaviors both online and offline. A study released by the Pew Internet & American Life Project last fall found that:
- An overwhelming majority of Internet users who seek health information online are worried that others will find out about their activities: 89% of “health seekers” are worried that Internet companies might sell or give away information, and 85% fear that insurance companies might change their coverage after finding out what online information they accessed.
- 63% of Internet health seekers and 60% of all Internet users oppose the idea of keeping medical records online, even at a secure, password-protected site, because they fear other people will see those records.
- 80% of health seekers say it is important to them that they can get information anonymously. For the most part, users have not shared personal information at health Web sites: only 21% have provided their e-mail address; only 17% have provided their name or other identifying information; and only 9% have participated in an online support group about a health condition. (Note that 54% of all Internet users have shared personal information at other kinds of Web sites.)
The public’s concerns are real. A report by the Health Privacy Project in 1999 documented that major health Web sites lack adequate privacy policies, and their practices are often in conflict with their existing privacy statements.10 For example, third parties may collect personally identifiable information through banner advertisements without host sites disclosing this practice to the user. A subsequent Federal Trade Commission (FTC) investigation of several of these health Web sites found that the sites made changes to their policies in response to the findings of the report. Moreover, many sites do not have adequate security in place to protect consumer information. In recent years, there have been breaches of privacy and security at Web sites of major academic institutions.11