Skip to main content
Skip to navigation

This site is archival. Please visit for up-to-date content.

For Expert Comment: Sensitive medical information vulnerable in social media era

Privacy laws need to ensure that consumers are informed and protected when sharing health data through social networks, MU legal expert writes in JAMA

June 20th, 2018

Story Contact: Liz McCune, 573-882-6212,

The views and opinions expressed in this “for expert comment” release are based on research and/or opinions of the researcher(s) and/or faculty member(s) and do not reflect the University’s official stance.

COLUMBIA, Mo. – Facebook users throughout the world expressed outrage when news broke that their personal information had been shared without their consent with Cambridge Analytica, a United Kingdom-based political consulting firm. Facebook has pledged to do a better job of protecting consumers in the future.

Despite such well-known privacy breaches, many online users have a false sense of security when it comes to sharing their medical information online or in apps. In an article released today in the Journal of the American Medical Association, University of Missouri School of Law Professor Sam Halabi argues that current laws put too many consumers’ sensitive medical information at risk, compromising their privacy.

“Individuals’ health data are now solicited, aggregated, analyzed, shared and sold in ways poorly understood and largely unregulated,” Halabi wrote with co-authors Lawrence Gostin of Georgetown University and Kumanan Wilson of the University of Ottawa. “Currently, there are major gaps and inconsistencies in health privacy safeguards.”

The most well-known U.S. medical privacy law—the Health Insurance Portability and Accountability Act, or HIPAA—safeguards medical information but only for “covered entities,” such as health plans and health care entities. It does not cover data collection by social media, wellness apps and similar services.

To protect consumers, Halabi and his co-authors argue that data protection laws should extend beyond the health care system setting to encompass rapidly advancing data collection technologies.

“Reform need not be difficult,” Halabi said. “For example, a Department of Health and Human Services Taskforce developed guidance for the ethical use of patient-generated health information apps that could be extended to all developers and social media.”

Halabi said that individuals should have the option to disclose online whatever information they wish, but the companies compiling the data should do so in a way in which it’s clear to the user how the data could be used and sold.

“Companies should be able to use these data—with the users’ informed consent,” he said. “Still, law reform should ensure that terms of service are transparent and comprehensible so that consumers can make an informed choice.”

The article, “Health Data and Privacy in the Era of Facebook,” was released in today’s JAMA. Corresponding author Gostin is based at the O’Neill Institute for National and Global Health. Wilson works at the Ottawa Hospital Research Institute. Halabi joined MU in 2017 and is a scholar at the O’Neill Institute for National and Global Health Law at Georgetown University. He is also the 2017-18 Fulbright Chair in Health Law, Policy and Ethics at the University of Ottawa, Ontario. His research focuses on national and global health law with a specialization in the governance structures of firms in health-related sectors.