WASHINGTON (DC News Now) — Recent reports say hospital websites have collected data from unsuspecting, and potential patients; prompting questions from a healthcare advisory group about HIPAA violations.

A study published in coordination with the University of Pennsylvania outlined potential legal jeopardy hospitals may encounter with third party collection of online consumer information, when users browse their websites.

“These practices can lead to dignitary harms, which occur when third parties gain access to sensitive health information that a person would not wish to share,” an April summary of the study published on HealthAffairs said.

ECRI, an organization that bills itself as as “an independent, nonprofit organization improving the safety, quality, and cost-effectiveness of care across all healthcare settings worldwide” drew recent focus toward the study.

“We have not been made aware of a particular instance where a patient was harmed because of having been advertised the ‘snake oil’ remedies or unproven procedures or unproven therapies,” adding, “but, the likelihood is great because of the amount of data which we access every single day, the amount of time we spend on social media,” Shabacker continued.

After a report by The Markup last June detailing Facebook’s alleged involvement with data collection from hospital websites, the US Department of Health and Human Services shared detailed guidance on how data collection may violate HIPAA rules.

The HHS guidance said groups bound to HIPAA rules — like hospitals — cannot disclose patient health information, saying, “….disclosures of PHI [public health information] to tracking technology vendors for marketing purposes, without individuals’ HIPAA-compliant authorizations, would constitute impermissible disclosures.”

Reginald Bullock III, a technical advisor and cyber security consultant, shared consumer advice to DC News Now about how to avoid further data collection, after online ‘cookies’ have been collected.

Online cookies are files that capture web activity and can help store log-in information for frequently visited websites. They also allow advertisements to appear that consumers may find interesting.

“The cookies aren’t going to put a virus on your computer, but they can give me access to maybe your bank account or they could give me access to your Instagram and your Facebook,” Bullock said.

Conversely, cookies could be unsecured and risky if consumers allow websites to collect them.

“In your [online search tool] privacy setting, there’s going to be a section that you can delete cookies,” Bullock said, adding that consumers can choose to delete “for the past four weeks 24 hours, there’s one for all time. So just make it a monthly habit at the end of the month, just reconcile.”

Users can also enter online search windows where information is not collected, like Google Chrome’s incognito mode or iPhone’s Safari application that offers private mode.