Healthcare.gov consumer data going to private firms

January 21, 2015

Some consumer data gleaned from the federal healthcare.gov website is being shared with private companies, the Associated Press (AP) is reporting. And while no evidence exists that the information is being used illegally or improperly, the disclosure is raising concerns among lawmakers and privacy advocates.

“The scope of what is disclosed or how it might be used was not immediately clear, but it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant,” the AP says. “It can include a computer’s Internet address, which can identify a person’s name or address when combined with other information collected by sophisticated online marketing or advertising firms.”

The Electronic Frontier Foundation (EFF), a privacy watchdog organization, says it has confirmed the AP’s reporting, and that information from Healthcare.gov is being sent to at least 14 third-party domains, including Google.com, Twitter.com, Yahoo.com, and Youtube.com.

“It’s especially troubling that the U.S. government is sending personal information to commercial companies on a website that’s touted as the place for people to obtain healthcare coverage,” Cooper Quintin, an EFF staff technologist, wrote on the EFF website. “Google…certainly has information uniquely identifying someone using Google services. If a real identity is linked to the information received from Healthcare.gov it would be a massive violation of privacy for users of the site.”

“This new information is extremely concerning, not only because it violates the privacy of millions of Americans, but because it may potentially compromise their security,” Republican senators Orrin Hatch (R-Utah) and Charles Grassley (R-Iowa) wrote to Marilyn Tavenner, administrator of the Centers for Medicare & Medicaid Services, which oversees Healthcare.gov. “Sharing that information for unofficial purposes is completely unacceptable.”

According to the AP, the Obama administration sys Healthcare.gov’s ties to the outside websites are meant to improve the user’s experience, and that the firms are prohibited from using consumers’ data for their own business interests.