The NHS Choices website is a cornerstone of the government’s drive to make the health service more efficient and to move service delivery online. Users can log on to find out more about NHS services, and to use a symptoms checker to understand what might be wrong with them and (hopefully) seek medical attention where appropriate, or save a doctor’s time if their condition turns out to be nothing more than a cold. The site has made an effort to engage with social networking sites, such as integrating the Facebook ‘Like’ button. And as Mischa Tuffield of Garlik has spotted, this is where we get a big privacy FAIL.
Mischa points out that a visit to an NHS Choices conditions page calls on four external service providers:
Two of these – Google Analytics and Webtrends – are used to monitor web traffic. In theory the privacy implications are relatively minor, although in certain scenarios it should be possible to identify an individual user, given access to other information. It’s odd that the NHS has chosen to use third-party analytics services rather than implementing its own. This problem has been explored in detail elsewhere, so I won’t dwell on it here.
However, the Facebook and Addthiscdn links are there to drive the Facebook ‘Like’ service, and this is where our problems begin. If a user visits the page from a browser that they’ve used to access Facebook before, then Facebook automatically gets to know that they’ve been to that particular conditions page. That means that if someone is concerned about a particular condition – let’s say testicular cancer – and they’ve been to Facebook before, Facebook gets to find out about that interest. Not good. And it gets worse: let’s say that the user feels they’ve received useful information and clicks on the ‘Like’ button (or does so accidentally). It then shows on their Facebook profile, and that’s really not good at all. Imagine being worried that you have a serious illness, not wanting to worry your spouse about it, and accidentally clicking ‘Like’ – they get to find out. So does a potential or current employer if they’re checking your profile. The consequences could be very significant indeed.
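As an added example (not from Mischa's write-up or the NHS site), here is a static audit that lists the other hosts a page's markup makes the browser contact on load, and flags embeds that also carry the visited page's URL in their own query string. The sample page and every hostname in it are constructed placeholders, and "first party" is simplified to a domain-suffix match.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urljoin, urlsplit

# Constructed sample: every hostname below is a placeholder, not the real page.
PAGE_URL = "https://health.example/conditions/some-condition"
PAGE_HTML = """
<link rel="stylesheet" href="/css/site.css">
<script src="//analytics.example.net/ga.js"></script>
<script src="https://stats.example.org/wt.js"></script>
<img src="https://static.health.example/logo.png">
<iframe src="https://social.example.com/plugins/like?href=https%3A%2F%2Fhealth.example%2Fconditions%2Fsome-condition"></iframe>
<script src="http://widgets.example.io/share.js"></script>
<a href="https://elsewhere.example.com/">a plain link, fetched only if clicked</a>
"""

# Tags whose URL attribute the browser fetches automatically on page load.
AUTO_FETCH = {"script": "src", "img": "src", "iframe": "src", "embed": "src"}


class EmbedAudit(HTMLParser):
    def __init__(self, page_url, first_party):
        super().__init__()
        self.page_url, self.first_party = page_url, first_party
        self.findings = {}  # third-party host -> list of (tag, url_echoes_page)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        name = AUTO_FETCH.get(tag)
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower():
            name = "href"
        if not name or not attrs.get(name):
            return
        url = urlsplit(urljoin(self.page_url, attrs[name]))
        host = (url.hostname or "").lower()
        # Simplification: "first party" means the given domain or a subdomain.
        if not host or host == self.first_party or host.endswith("." + self.first_party):
            return
        # Some widgets also carry the visited page's URL in their own query string.
        echoes_page = self.page_url in unquote(url.query)
        self.findings.setdefault(host, []).append((tag, echoes_page))


def audit(page_url, html, first_party):
    parser = EmbedAudit(page_url, first_party)
    parser.feed(html)
    return parser.findings


if __name__ == "__main__":
    for host, hits in sorted(audit(PAGE_URL, PAGE_HTML, "health.example").items()):
        print(host, hits)
```

A static pass like this misses anything that scripts inject at run time, so treat its output as a lower bound and confirm against the browser's network log.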
I’d like to hope that Mischa’s research will force the NHS to modify the website, and that at the very least the functionality will be suspended until the privacy issues have been properly investigated.
[Thanks to Ian for pointing this one out]