As the Federal Trade Commission advocates improved privacy law, a good many consumer health websites allow third-party advertisers to collect and aggregate personal information — making marketing fodder of one's most private and pained concerns.

In a sampling of 20 popular consumer health websites, all 20 contained at least one third-party element, typically six or seven, while 13 allowed tracking of online consumers. Five of the sites came with social media bundling that allows third parties to track a user's social media activity, with or without a click on any social media "sharing" button.

By using free privacy tools such as "Do Not Track Me," researcher Marco D. Huesch found such tracking elements on consumer sites such as New York Times: Health News, Fox News: Health, Health.Com, Men's Health, and MedicalNewsDaily/Mdlinx (not to be confused with Medical Daily).

"Anonymity is threatened by the visible Internet address of the patient's computer or the often unique configuration of the patient's Web browser," Huesch wrote in JAMA Internal Medicine on Monday. "Confidentiality is threatened by the leakage of information to third parties through code on websites [such as social media plug-ins] or implanted on patients' computers" via cookies and other tools.

While many of the third parties collect consumer information to target advertising, such as the "DoubleClick" entity, nearly 300 other such identified entities track consumers in a sneakier and perhaps more nefarious manner, delivering advertising related more directly to the user's known or inferred interests, demographics, and past online behaviors — making use on later occasions of, say, a user's search for "herpes" or "depression."

Although government regulators have asked Congress for greater authority in protecting consumer health privacy, the public fails to understand the privacy implications of such data collection as many businesses ignore established best practices for consumer information, Huesch contends. But the failure by Congress in pending legislation to address these privacy concerns may diminish consumer trust in health websites to access health-related information.

"Threats to privacy are real and are insufficiently addressed in current legislation and regulations," Huesch wrote. "Were such risks to be realized, the ramifications could span embarrassment, discrimination in the labor market, or the deliberate decision by marketers not to offer or advertise particular goods and services to an individual, based solely on the companies' privately gathered knowledge."

However, Huesch also found that health websites from the U.S. government or recognized medical institutions, as opposed to private sites supported by advertising, carried no detectable risk to user privacy.

Earlier in the information age, the United States instituted protections for individual health information under the Health Insurance Portability and Accountability Act of 1996, well before most Americans turned to the Internet for health information.

Source: Huesch MD. Privacy Threats When Seeking Online Health Information. JAMA Internal Medicine. 2013.