A woman using a laptop to Google her medical symptoms.

Ever felt an odd stomach pain or noticed a strange rash and sought guidance by typing your symptoms into Google? If so, you’re not alone, according to Consumer Reports’ latest medical privacy survey, a nationally representative phone survey of U.S. adults.

But by looking up information about you or your family’s health online, you may be revealing more information than you realize.

In the past year, our survey found, 65 percent of Americans used an internet search or went to medical websites to learn about medical conditions that they (or friends or family members) might have. That’s not counting people who used their healthcare provider’s patient portal or insurance company’s website.

More on Medical Privacy

“It’s unavoidable,” says Justin Brookman, privacy director for Consumers Union, the advocacy division of Consumer Reports. “If your kid is coughing, you’re going to look it up,” he says.

Nearly two-thirds of those people were aware that their searches could be stored and shared with third parties, but the possibility hadn’t occurred to the other respondents.

Looking for medical information online can lead to two potentially big problems. First, the internet is rife is unreliable health advice, which can result in false conclusions, unnecessary fear, and incorrect self-diagnosis. Second, by searching for information about your health, you may inadvertently share that personal medical data with advertisers and other third parties, putting your privacy and security at risk.

And while the Health Insurance Portability and Accountability Act protects the privacy of certain personal health information, “If it comes out of your mouth or your keyboard, it’s not covered by HIPAA—or any law I know of,” says Lee Tien, a senior staff attorney at the Electronic Frontier Foundation.

Consumer Reports spoke with researchers in the field of online medical information to find out how to best use internet searches to investigate your medical symptoms. We also consulted privacy experts to find out the true risk of sharing medical information online and whether there’s a safe way to search.

Here’s what you need to know. 

Is Online Medical Information Accurate?

The experts we spoke with said that while some medical information online can be helpful, it’s important to keep a skeptical mindset.

“Dr. Google can be a dangerous physician to visit,” says Bennett Shenker, M.D., assistant professor of family medicine and community health in the Rutgers Robert Wood Johnson Medical School family medicine residency at CentraState Medical Center. 

In one 2014 study, Shenker used three major search engines (Ask, Bing, and Google) to search for symptoms. He evaluated the top five results from each engine.

He found that for relatively common diseases—those that a primary care physician might see several cases of each week—the results contained an accurate diagnosis about 70 percent of the time. However, other research he has conducted reveals that “as you start to get to more and more unusual diseases, the [success] rates start to drop off fairly dramatically,” he says—to about 30 percent for the rarest of conditions.

Shenker’s advice: Don’t type your symptoms into the search bar and click on the first result that comes up. Instead, seek out answers from reputable sources, including U.S. government sites like the Centers for Disease Control and Prevention and the National Institutes of Health. The CDC has a page with an A-to-Z list of conditions, and the NIH contains 27 institutes, many of which specialize in different types of diseases or health problems and provide information to the public.

Other sites offer symptom checkers—interactive tools that take information about your symptoms and give you a list of possible causes. (For example, check out Mayo Clinic’s checker here.) Ateev Mehrotra, M.D., associate professor of healthcare policy and medicine at Harvard Medical School, who has studied these tools, says limited evidence suggests they may be slightly more accurate than simply typing symptoms into a search engine.

In a 2015 study, Mehrotra looked at the performance of several symptom trackers and identified one common flaw: They may recommend seeking medical care when you don’t need to, partially as a way to protect themselves from any liability. You might not actually need to see the doctor for a case of the sniffles, but a symptom checker may suggest you get checked out just in case.

Your Personal Information, Revealed

Googling your medical symptoms or looking for information online may feel like a private experience—after all, there’s no doctor or nurse involved; it’s just you and your computer.

But when you visit a web page, third parties—entities other than you and the site you’re visiting—can often see when you access a page. The third parties might be ones you’re familiar with, such as Facebook, Google, and Twitter, which can track some of your online behavior even when you’re not using them directly—or they might be advertising and analytics companies you’ve never heard of.

Tim Libert, Ph.D., a researcher in the department of computer science at the University of Oxford, compares searching the internet to looking into a two-sided mirror. “Behind the mirror is a whole mysterious world of companies who are watching what you do,” he says. In a 2015 study (PDF), Libert reviewed more than 80,000 web pages containing information about common diseases and found that more than 90 percent delivered users’ data to third parties, such as Adobe, Amazon, Facebook, Pinterest, and more.

A main goal of all this tracking is to target you with advertisements.

In Consumer Reports’ medical privacy survey, 45 percent of respondents said they’d seen ads online that were personalized based on their health information or medical searches—like an ad for cold medicine after they’d searched for “cold symptoms.”

Of those who’d seen such ads, half called the experience “creepy.” Some—17 percent—found it convenient.

But beyond the potential creepiness, there’s more harm that could potentially arise.

One may be simple embarrassment. Suppose you look up a medical problem on a computer you share at home or work, such as a sexually transmitted infection. You might later be served a related ad that one of your fellow users can see—revealing information about yourself that you might have preferred to keep private.

More sinister harms are possible, too. One problem, notes CR’s Brookman: The profiles of data that companies have on you may not be anonymous, or separated from personal identifying information, like your name, address, phone number, and more. Some companies, such as Facebook and Google, ask for that information when you sign up for their service. Other third parties may be able to pick up personal information by tracking your activity on sites that require you to log in.

Tien, of the Electronic Frontier Foundation, says you could end up on a mailing list for a chronic disease you have, or even on a list for lawyers looking for cases tied to specific medical conditions. 

The biggest companies, such as Google, say they don’t give away your identifying information when they sell data to other firms, sharing only an anonymized profile. But, Brookman says, there’s no guarantee that an unscrupulous company could not sell the profile they have of you, name and address included, to other buyers. It’s possible, for example, that your data could appear on a background check for employment.

Another possibility, Libert says, is that an ad company that has collected a profile of you based on your internet searching and browsing history may not have adequate data protection in place. That means your profile, including any health information it contains, could be vulnerable to being stolen by a hacker.

Armed with your name, personal information, and details of potential medical conditions, a thief may have enough details about you to steal your medical identity.

That may seem far-fetched, says Eva Velasquez, president and CEO of the Identity Theft Resource Center, a nonprofit group based in San Diego, but she explains that the more pieces of information about you a thief has, the more effectively they can pretend to be you.

What You Can Do

Most of us would find swearing off internet medical searches difficult to do. But you can take steps to help protect your privacy.

Velasquez says it’s reasonable to take precautions when you're looking up sensitive information. You may not need to worry about looking up cold symptoms, for instance—but you might want to keep private a search for information related to a less common problem that may be more easily tied to you.

Here are some tips for the next time you’re searching for medical information online: 

  1. Use tools that keep your identity secret when you search. For instance, you can use the search engine Duck Duck Go, which says it doesn’t track, store, or share your search history. (Once you click onto a web page from the search results, however, third parties may still be able to see that activity.) Brookman also recommends an app called Disconnect, that blocks third-party trackers (a free plan protects your browser and a paid plan protects your entire device or computer). Other ad blockers can accomplish a similar result. You can also change some browser settings to help block certain trackers. See our guide to controlling web cookies and boosting online privacy.
  2. Try a VPN. A virtual private network keeps your online activity private when you’re using a public network. Get in-depth advice on picking a VPN.
  3. For the most technically savvy: Try the Tor browser. Tor is a browser that purports to keep you anonymous, or “as close as you can be to being anonymous on the web,” according to Libert. The drawback is that it’s not very user-friendly, Velasquez says, and may be best for people who have some tech savvy.  

Consumer Reports privacy experts offer additional advice for keeping your information safe: Do our 10-minute digital privacy tuneup and check out these 66 ways to protect your privacy right now.