App’s terms of service give away your SSN, medical history

Do you know what you’re agreeing to when you click “I agree” on a website’s terms of service form?

In all likelihood, the answer is no. To read just the privacy statement from every different website they visit in a year, Americans would have to dedicate more than 30 eight-hour work days to the mind-numbing task, according to one study. And the privacy policy is only one part of a website’s terms of service.

Yet by signing terms of service, users may cede control of their intellectual property, agree to be used as research subjects and allow companies to collect and distribute their personal information, including, perhaps, medical information.

NewsHour Weekend Anchor and Senior Correspondent Hari Sreenivasan was troubled recently when he received an email from ZocDoc, a popular medical care scheduling service, describing the company’s terms of use.

In section seven, ZocDoc specifies that it, and others working on the company’s behalf, may use or disclose users’ names, addresses, social security numbers, medical histories, current medical needs and insurance information, as long doing so is in line with ZocDoc’s privacy policy.

The privacy policy states that ZocDoc may transfer users’ personal information to another company in connection with a sale, acquisition or other change of ownership, meaning ZocDoc could transfer user information to separate companies with different terms of use.

Theoretically, if users users want to keep their information private, they can delete their ZocDoc accounts. In that case, ZocDoc promises to delete the account and the information it contains as soon as reasonably possible.

But the company also reserves the right to store all information indefinitely, including information from closed accounts, raising the question of whether a user can expect personal information to disappear entirely.

Update:ZocDoc contacted the PBS NewsHour and provided this statement about their policy for handling customer data:

At ZocDoc, we aim to deliver a better healthcare experience – one that is modern, streamlined and simple. To use some of ZocDoc’s services, patients voluntarily provide information —like insurance details and medical history —that we pass along to their doctors on their behalf. The information patients choose to provide to their doctors via ZocDoc is the very same information they have been sharing for decades via paper, pen and clipboard.

Just like in banking, travel and even online shopping, technology has changed how personal information is transmitted—but the responsibility to protect that information is still of the utmost importance. That’s why all ZocDoc team members are HIPAA trained and oriented around our No. 1 core value: Patients First. We take the greatest care of patient information. We would never share it inappropriately.

Editor’s Note: This article has been updated to clarify that the terms highlighted above were not changed when ZocDoc updated their overall Term of Service.

We’d like to hear from you: Have you found anything in a user agreement that gave you pause or raised privacy concerns? Share your thoughts and stories in the comments below.