Talking balls on Facebook

The NHS Choices website is a cornerstone of the government’s drive for health service efficiency and to move service delivery online. Users can log on to find out more about NHS services, and to use a symptoms checker to understand what might be wrong with them and (hopefully) seek medical attention where appropriate, or save a doctor’s time if their condition turns out to be nothing more than a cold. The site has made an effort to engage with social networking sites, such as integrating the Facebook ‘Like’ button. And as Mischa Tuffield of Garlk has spotted, this is where we get a big privacy FAIL.

Mischa points out that a visit to a NHS Choices conditions page calls on four external service providers:





Two of these – Google Analytics and Webtrends – are used to monitor web traffic. In theory the privacy implications are relatively minor, although in certain scenarios it should be possible to identify an individual user subject to access to other information. It’s odd that the NHS has chosen to use third-party analytic services rather than implementing their own. This problem has been explored in detail elsewhere, so I won’t dwell on it here.

However, the Facebook and Addthiscdn links are there to drive the Facebook ‘like’ service, and this is where our problems begin. If a user visits the page from a browser that they’ve used to access Facebook before, then Facebook automatically gets to know that they’ve been to that particular conditions page. That means that if someone is concerned about a particular condition – let’s say testicular cancer – then if they’ve been to Facebook before, then Facebook gets to find out about that interest. Not good. And it gets worse – let’s say that the user feels they’ve received useful information, and clicks on the ‘Like’ button (or does so accidentally) – then it shows on their Facebook profile, and that’s really not good at all. Imagine being worried you have a serious illness that you don’t want to worry your spouse about, and accidentally clicking ‘Like’ – they get to find out. So does a potential or current employer if they’re checking your profile. The consequences could be very significant indeed.

I’m really quite shocked that NHS Choices has allowed this to happen, and more importantly that they have clearly failed to apply any form of effective Privacy Impact Assessment to how they deliver health information. If they do wish to connect to Facebook or analytics engines, then they should be making it an explicit ‘opt-in’ for the user before any information is shared at all. The NHS’ privacy policy has completely outsourced the problem to Facebook, so that users are left in the dark about the consequences of this functionality.

I’d like to hope that Mischa’s research will force the NHS to modify the website, and that at the very least the functionality will be suspended until the privacy issues have been properly investigated.

[Thanks to Ian for pointing this one out]