Collaboration SuitesInnovationMarketingProjectsSecuritySocialMediaSoftwareWorkspace

Social Disease: Facebook, Google Track NHS Site Visits

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain’s startup culture, through his TechBritannia initiative

Facebook and Google know about what illnesses you looked up on your visit to the NHS Choices site

Four third-party companies are tracking users who visit the National Health Service (NHS) website – apparently with the organisation’s blessing.

The NHS Choices site has included links to Facebook, Google, AddThis and WebTrends. Online information control experts at Garlik have pointed out that site allows these organisations to see when a user visits its Conditions pages and to track their subsequent movements.

Social Disease Networking

Users visit these pages to find information on a range of ailments, some of which could cause social embarrassment if the information was leaked. The Conditions pages offer advice on many ailments including binge drinking, testicular cancer, AIDS, thrush and many other confidential problems.

Tom Watson, Labour MP for West Bromwich East, has written to Andrew Lansley, the secretary of state for health, to express his concern. He wrote: “The NHS Choices website is used by members of the public in order to find out facts about ailments they may be suffering from and these illnesses could cause an individual embarrassment if the information was leaked.”

Mischa Tuffield, a developer at Garlik, said in his blog, “Two of the four third-party sites ( and are contacted in order to provide… “social functionality”. This intrusive opt-out method of adding social features to the NHS website, in my opinion is not acceptable. I would only deem this to be acceptable if NHS has written declarations from the two aforementioned services stating that they wouldn’t be tracking peoples’ browsing habits on”

He also complains that, even though the other two sites ( and are used for analytics purposes, it is a task which he feels should not be outsourced to a third party.”

The Facebook ‘Like’ button receives particular criticism from Garlik. In a separate blog, the organisation pointed out that the button is engineered in such a way that, even if it is not clicked but the user has not logged out of Facebook, the information will still be transmitted through the Facebook cookie.

“Given the average user spends 55 mins every day logged into Facebook then there is a pretty good chance of that happening,” wrote Garlik blogger Tom. “So a young mother is logged on to Facebook talking to friends and is also looking for some advice about depression on NHS Choices and, bingo, – although she doesn’t know it – Facebook now knows she has looked at this page. Facebook says that it does not target ads using this information and they will throw it away after 90 days apart from the stuff they use for statistical analysis.”

A spokesperson for NHS Choices would only say that it is the user’s duty to ensure that they log-out of any sites when they are finished using them. But Tom’s example shows that sometimes a user may visit the site while in conversation with a friend on Facebook.

Tom Watson wrote in his letter to Lansley, “We’ve seen how newspapers like the News of the World have used the digital age to hack into the phones of UK citizens.  It would be very embarrassing if people less scrupulous than Sergei [sic] and Larry of Google [Sergey Brin and Larry Page, founders of Google] were to know the individual health fears of the nation.”