Privacy of your online medical records - using health care websites

GothicGremlin

I'm sorry for the deadly dull sound of that subject line, but here's some stuff I learned today.

The short background - my sister Peggy has Kaiser as her insurance, for better or worse. I've generally been okay with them, except for their website shenanigans. Since this last May I haven't been able to use their site when I use Firefox as a browser. I use Firefox along with NoScript enabled (no stray java script gets in). Something with their site changed in May, I'm not sure with what, but I've been on the phone, etc ., etc. trying to get back in.

Today, I was able to get back in using Chrome. I never use Chrome because I can't block scripts from there.

Me being me, I did a compare and contrast between Firefox and Chrome. Scripts that get in with Chrome are ads.twitter, facebook, and doubleclick (doubleclick is an ad network). I found this out by looking at what I have blocked in Firefox. There are a few more that get by but they are mostly analytics sites. I'm still running those down to find out exactly what they do, and if they have an ad network associated with them.

There is no part of me that believes that ad networks need to be running scripts in the background on the Kaiser site, and of course my question is "how much of Peggy's medical record can they see?"

I'll be filing complaints in California to find out.  Like I have nothing else better to do, right?

Iris L.

What do you mean by "running scripts in the background"?  Is there a patient portal, guarded by a password, for lab results, etc?

Iris 

[Deleted User]

The user and all related content has been deleted.

GothicGremlin

Sorry, Iris.   What I mean is that when you visit a page (in my case, Kaiser), Kaiser can run computer code (scripts) from other sites like Facebook, and I have no way of knowing what those scripts are doing. I suspect that means that Facebook can see which pages within the Kaiser site I've visited, and perhaps for how long I was on each page - which might give Facebook information about Peggy's medical issues.

When I use Firefox I run NoScript which tells me which sites want to run code, and NoScript doesn't allow it unless I give my permission -  for each website that wants to run code. Typically I block everything.  And yes, lots of things break on me, but I'm okay with that. But with Kaiser, I have to let more in. I used to be able to allow in only kp.org and a few other Kaiser related scripts, but now Kaiser runs more scripts (including the ad code for Facebook and Twitter) and if I don't let it run, I can't get in.

There's a Chrome extension for NoScript but I haven't tried it yet. My guess is that it might break the Kaiser site like it did when I used Firefox. 

And that's what I'm irritated about. It's the code that Kaiser is forcing me to accept before it lets me check Peggy's medical record. Victoria2020 is right about the secure link (clicking the lock image) to make sure it's the real site.  I do that just to make sure.  I do that here on alzconnected too, because I'm like that.   But I really do not believe that I should have to accept javascript code from ads.twitter to see Peggy's medical record.

GothicGremlin

Oh, and yes, there is a patient portal on Kaiser. I have a separate login and password that I use to check Peggy's medical records. Kaiser also has my POA on file so that they know that I'm authorized to look at her records and make decisions on her behalf.  They also have good privacy checks for when I call them on the phone about Peggy's care.  It's the privacy protections on the website that I have issues with.

[Deleted User]

The user and all related content has been deleted.

GothicGremlin

Victoria2020- yes, that link you provided is the one I use. So I'm seeing the javascript after I've logged in and put in a password. If I wasn't using Firefox with the NoScript add-on, I'd never see the scripts that are irritating me.

I'm going to try to attach a photo so you can see what I'm talking about.  If the photo actually attaches, you can see that I allowed kaiserpermanente.org down at the bottom right of the photo. Everything above it is asking whether or not I want to allow it. Some of the scripts are innocuous - bing.com for search, for example. But why are facebook and twitter there? What can they see me do on the Kaiser site while I'm logged in? That's what I want to know.

GothicGremlin

Victoria2020- yes, that link you provided is the one I use. So I'm seeing the javascript after I've logged in and put in a password. If I wasn't using Firefox with the NoScript add-on, I'd never see the scripts that are irritating me.

I'm going to try to attach a photo so you can see what I'm talking about.  If the photo actually attaches, you can see that I allowed kaiserpermanente.org down at the bottom right of the photo. Everything above it is asking whether or not I want to allow it. Some of the scripts are innocuous - bing.com for search, for example. But why are facebook and twitter there? What can they see me do on the Kaiser site while I'm logged in? That's what I want to know.