Email:
monthly newsletter on medical billing best practices

Home > Medical Billing Resource Center > Healthcare Privacy on the Web

Surprising Research Results: Healthcare and Consumer Privacy on the Web
by Kevin P. Richardson, President, MedRocket, Inc.

About the Author - Kevin Richardson is a healthcare marketing consultant, executive coach, and writer who provides fresh perspectives and expertise about online healthcare marketing. Sign up for his FREE "MedRocket Ezine" newsletter and discover how to profitably attract and serve healthcare consumers online. Subscribe at http://www.medrocket.com.

privacylockHealthcare marketers and Web administrators: hold onto your mouse pads.

We've just completed some research on the use of online privacy statements by hospitals and health care facilities. I think you'll be as amazed and shocked at the results as I was. But fear not, friends; I've created an online tool for you to use that provides the solution to your challenge at hand.

I suspect that most health care organizations continue to do an excellent job protecting the confidentiality of patient medical information in their bricks and mortar facilities. However, it seems that when many healthcare organizations make the transition to the online world, the distinction between Web site visitor and patient blurs, as does their apparent concern for information confidentiality.

If my research is any indication, hospitals appear to be having a difficult time realizing that they need to create privacy and information use policies to safeguard the personal and medical information provided by Web site visitors. This isn't to say that they aren't concerned about privacy, or that policies aren't in place. Policies that are hidden to visitors, or ones that are full of complex language are of no use to Web visitors.

As several online healthcare businesses have learned during the past year or so, the public and the courts have little tolerance for sloppy operations when it comes to safeguarding personal and health information.

The Results of the Study

Let's take a look at the results. The March 2001 MedRocket study of 895 hospital Web sites randomly selected from among the 1400 U.S sites listed in the HospitalWeb Directory revealed that only 102 health Web sites had created and prominently posted a privacy statement on their main Web page. That's only about 11%.

Privacy statements are intended to explain clearly about when and how Web visitor information will be collected and used. This is important and noteworthy given the significant results of a Nov. 26, 2000 survey released by the Pew Internet & American Life Project. The survey revealed that 86% of Net users expressed concern that a health-related Web site might sell or pass on information about what they did online.

Even among the sites that had posted the policy statements, the content and quality varied considerably. In fact, upon closer examination I also discovered that fewer than two dozen sites had privacy statements that contained at least 6 of the 12 essential privacy disclosure elements. That's only half of our recommended elements.

Some Recommendations for Privacy Statements

Your health site's Privacy Statement describes how your site visitors' personal information may be gathered and used during their visit to the Web site. The statement is an excellent way to demonstrate that your organization is committed to respecting and protecting the privacy of Web site visitors. It's a good practice to feature prominently a link to your privacy statement on your main page and any page where you collect user data. However, it's simple enough to include a link on every page of the site.

In case you're wondering, we identified the key elements of a model privacy statement after evaluating the privacy guidelines for online marketers from the Direct Marketing Association and the Better Business Bureau's Online Privacy Program guidelines. (Both excellent sources -- see our sources and tools section in this newsletter for links.)

The principal 12 elements that should be included in every privacy statement are the following:

  1. Who Is Collecting the Information?
  2. What Information Do We Collect?
  3. How Do We Use the Information We Collect?
  4. With Whom Will the Information Be Shared?
  5. Access and Correction of Personal Information
  6. Additional Use of Personal Information
  7. Use of Cookies
  8. Registration for Access
  9. Security of Communications
  10. Links to Other Sites
  11. Changes in the Privacy Policy
  12. Web Site Contact Information

Furthermore, there are six additional elements that should be included in a privacy statement. Not all will apply to every site, or course. But, I think from the consumer's standpoint that it's better to include the extra information with a line that says something does not apply, rather than omit it entirely.

  1. Preference for Future Use of Information
  2. Advertising Servers
  3. E-Commerce, Online Donations, and Online Shopping
  4. Interactive Services and Tools
  5. Children's Privacy Policy
  6. Modification Date

The Privacy Confusion

Some of the problems I found when reviewing the health sites' privacy statements were confusing language, missing elements, and the addition of language that didn't belong.

A very common mistake, as I see it, was combining language for the site's disclaimer for the use of online health information with the privacy statement. I recommend that you include the disclaimer on your "terms of service" page if you have one. It's just too confusing to lump it in with the privacy statement. Don't do it.

Create Your Own Privacy Policy

As promised, I have a solution to the lack of a privacy statement (or a weak privacy statement) on your health site -- if you happen to have that challenge.

After reviewing the privacy statements of more than 100 health sites, we've created a specialized online health privacy statement generator. The most common issues and language have been incorporated into this tool to improve its versatility as a free resource for all healthcare and health-related Web sites to create and post privacy statements on their sites.

The health privacy statement generator is modeled after the excellent privacy policy generator for online marketers created by the Direct Marketing Association, and relies upon additional information on privacy standards outlined by the Better Business Bureau's Online Privacy Program.

Here's the Link to MedRocket's Privacy Generator:
http://www.medrocket.com/tools/privacy_gen.html



> Return to the Medical Billing Resource Center

 
 
Services | About Us | Case Studies | Medical Billing Resource Center | Contact Us | Links
All Rights Reserved. Copyright © 2004 G&G Advanced Medical Consulting, Inc.