In this study, we analyzed health-advertising tactics of digital medicine companies (n = 5) to evaluate varying types of cross-site-tracking middleware (n = 32) used to extract health information from users. More specifically, we examine how browsing data can be exchanged between digital medicine companies and Facebook for advertising and lead generation and advertising purposes. Our analysis focused on companies offering services to patient advocates in the cancer community who frequently engage on social media. We co-produced this study with public cancer advocates leading or participating in breast cancer groups on Facebook. Following our analysis, we raise policy questions about what constitutes a health privacy breach based on existing federal laws such as the Health Breach Notification Rule and The HIPAA Privacy Rule. We discuss how these common marketing practices enable surveillance and targeting of medical ads to vulnerable patient populations without consent.
Keywords: dark patterns; digital medicine; health privacy; privacy.
© 2022 The Author(s).