Ad Tracking on Kaiser Permanente's Patient Health Portal


Last night, I logged onto the Kaiser Permanente patient health portal. I hadn't done this in a while.

I use a JavaScript blocker in my web browser. After logging into the site, I was very surprised to see a call to Google Ad Manager.

Call to Google Ads

This sparked my curiosity, so I decided to run the entire session through an intercepting proxy.

The intercepting proxy showed that Kaiser Permanente permits multiple ad trackers to collect data about people seeking health information from the Kaiser Permanente patient portal. To be clear, I was logged in to the portal - I was not browsing anonymously. The observed trackers specifically target logged-in users.

In my very brief test, I observed the following trackers: Google Ad Services, WebTrends, Demdex, Omniture, and Doubleclick (which is part of Google). The screenshot below shows a subset of these trackers, taken from the intercepting proxy. I have saved the proxy logs in case it's ever necessary to review or verify them.

Trackers, after login
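The check described above can be reproduced over exported proxy history. The following is an added example, not code or data from the original post: it counts requests to the named trackers that occur after a successful login and notes how many carried a cookie. The tracker hostname suffixes, the host `portal.example.org`, the `/login` path and the sample log are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed hostname suffixes for the trackers the post names (example's own mapping, not from the post).
TRACKER_SUFFIXES = {
    "googleadservices.com": "Google Ad Services",
    "webtrends.com": "WebTrends",
    "demdex.net": "Demdex",
    "omtrdc.net": "Omniture",
    "2o7.net": "Omniture",
    "doubleclick.net": "Doubleclick",
}

# Constructed proxy history in request order: (method, URL, status, Cookie header sent).
SAMPLE_LOG = [
    ("GET", "https://ad.doubleclick.net/pre-login.js", 200, ""),
    ("POST", "https://portal.example.org/login", 302, ""),
    ("GET", "https://portal.example.org/secure/inbox", 200, "session=abc"),
    ("GET", "https://dpm.demdex.net/id?v=1", 200, "uid=111"),
    ("GET", "https://stats.g.doubleclick.net/collect", 200, "uid=222"),
    ("GET", "https://www.googleadservices.com/pagead/conversion.js", 200, ""),
    ("GET", "https://notdoubleclick.net.example.com/x", 200, ""),
]

def match_tracker(host):
    """Return the tracker name if host is a known suffix or a subdomain of one."""
    for suffix, name in TRACKER_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return None

def trackers_after_login(log, first_party, login_path):
    """Map tracker name -> {'requests': n, 'with_cookie': n} for traffic after login."""
    logged_in, findings = False, {}
    for method, url, status, cookie in log:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host == first_party:
            if method == "POST" and parts.path == login_path and status in (200, 302):
                logged_in = True  # login succeeded; later traffic is post-login
            continue
        name = match_tracker(host) if logged_in else None
        if name:
            entry = findings.setdefault(name, {"requests": 0, "with_cookie": 0})
            entry["requests"] += 1
            entry["with_cookie"] += bool(cookie)
    return findings

if __name__ == "__main__":
    print(trackers_after_login(SAMPLE_LOG, "portal.example.org", "/login"))
```

Matching on a dot-anchored suffix keeps lookalike hosts such as `notdoubleclick.net.example.com` out of the results, and the pre-login request is excluded so the output reflects only authenticated browsing.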

Kaiser is very clear in their terms that, in their member health portal, they allow third-party ad trackers to collect information about Kaiser patients who use the portal.

Their terms lack any details about any limits placed on how these third parties can use the data they collect from patients who have logged in to Kaiser's portal seeking health information. Specifically, the terms do not state that third parties who collect data from Kaiser's patient health portal are prohibited from enhancing or potentially re-identifying people within the data set. It's also worth noting that the "opt out" feature is completely ineffective.

However, even basic information could help advertisers target or exploit users. If a person logs onto the Kaiser site four times in a week, that tells a different story to ad trackers than a person who logs onto the site once a month.

Then, if that same person logs onto the Kaiser patient health portal and heads over to WebMD to look for additional information, data brokers can connect the same individual (via cookie values set on the Kaiser site) to both sites.

This ad tracking takes on an even more invasive and intrusive tone for parents who have linked a child's account, or for an adult who is managing health care for an aging parent or sick spouse or partner. Because Kaiser permits ad trackers on its health portal (or really, on our health portal), these intimate, highly personal moments are exposed to ad trackers and data brokers.

The opportunistic business models of data brokers are clearly documented. Packaging health information is good business for them. Data brokers know that people with health issues or concerns can be more vulnerable. As Frank Pasquale notes in this piece from 2014, data brokers create and sell multiple lists that target health-related issues:

They have created lists of victims of sexual assault, and lists of people with sexually transmitted diseases. Lists of people who have Alzheimer’s, dementia and AIDS. Lists of the impotent and the depressed.

Because of the language Kaiser has included in their terms, it is clear that Kaiser has made a very intentional decision: they are allowing patients looking for health information to be targeted by ad trackers. Kaiser should provide some additional clarity about this practice, and answering these questions would be a good start:

  • What third-party trackers are allowed on the Kaiser site to collect data about logged-in Kaiser patients?
  • How long have these trackers been allowed on Kaiser's Health Portal?
  • For each tracker, what data are collected? How is this data used?
  • Why were these ad trackers chosen over other ad trackers?
  • How much revenue is generated for Kaiser via these ad trackers? What are the precise details of the business arrangement between the ad trackers and Kaiser Permanente?
  • How can a Kaiser patient who uses the portal review all of the data that Kaiser has allowed to be collected about them?
  • How does placing these ad trackers, which collect information about logged-in users, on the Kaiser Permanente web site improve patient outcomes?

I will be contacting Kaiser directly to share these concerns, and I will update this post and/or write follow-up posts to share what I learn.