Online tracking and privacy on hospital websites

Researchers find that tracking pixels—small pieces of embedded code that can transmit user data to third parties—significantly increase data breach risk on hospital websites. Hilal Atasoy and colleagues analyzed 12 years of archived website data from 1,201 large US hospitals between 2012 and 2023, examining the adoption of pixel tracking and their relationship to data breaches. The authors found pixel tracking in 66% of hospital-year observations, despite stringent privacy regulations. Hospitals using third-party pixels experienced at least a 1.4 percentage point increase in breach probability, representing a 46% relative increase compared to the 3% baseline breach rate. Third-party pixels, which transmit patient data to vendors like Meta and Google, significantly increased breach risk, while first-party pixels that keep data within the hospital showed no significant relationship with breaches. Physical breaches caused by misplaced documents or devices showed no relationship with pixel use, supporting the digital transmission mechanism. According to the authors, the findings reveal a critical regulatory gap in healthcare privacy protections, as tracking pixels operate outside traditional Health Insurance Portability and Accountability Act safeguards. The authors recommend hospitals strengthen data governance policies to protect patient information.