Image

5:13 PM / Monday February 10, 2025

23 Jan 2015

New privacy concerns over government’s health care website

  • Facebook
  • Twitter
January 23, 2015 Category: Week In Review Posted by:

By Ricardo Alonso-Zaldivar and Jack Gillum

Associated Press

WASHINGTON — The government’s health insurance website is quietly passing along consumers’ personal data to outside websites, just as President Barack Obama is calling for stronger cybersecurity protections.

It works like this: When you apply for coverage on HealthCare.gov, dozens of data companies may be able to tell that you are on the site. Some can even glean details such as your age, income, ZIP code, whether you smoke or if you are pregnant.

HealthCare.gov contains embedded connections to multiple data firms that the administration says generate analysis to improve the consumer experience. Officials say outside firms are barred from using the data to further their own business interests.

Still, ever-evolving technology allows for individual Internet users to be tracked, building profiles coveted by advertisers.

Connections to third-party tech firms were documented by technology experts who analyzed HealthCare.gov, and confirmed by The Associated Press. There is no evidence that personal information from HealthCare.gov has been misused, but the high number of outside connections is raising questions.

“As I look at vendors on a website…they could be another potential point of failure,” said corporate cybersecurity consultant Theresa Payton. “Vendor management can often be the weakest link in your privacy and security chain.”

A former White House chief information officer under President George W. Bush, she said the large number of outside connections on HealthCare.gov seems like “overkill” and makes it “kind of an outlier” among government websites.

The privacy concerns come against the backdrop Obama’s new initiative to protect personal data online, a highlight of his State of the Union message scheduled for Tuesday night. The administration is getting the health care website ready for the final enrollment drive of 2015, aiming to have more than 9 million people signed up by Feb. 15 for subsidized private coverage.

Spokesman Aaron Albright said outside vendors “are prohibited from using information from these tools on HealthCare.gov for their companies’ purposes.” The government uses them to measure the performance of HealthCare.gov so consumers get “a simpler, more streamlined and intuitive experience,” he added.

The administration did not explain how it ensures that its privacy and security policies are being followed.

Albright said Tuesday that HealthCare.gov comports with standards set by the federal National Institute for Standards and Technology. But recent NIST guidance cautions that collecting bits of seemingly random data can be used to piece together someone’s identity.

In a recent visit to the site, AP found that certain personal details — including age, income, and whether you smoke — were being passed along likely without your knowledge to advertising and Web analytics sites.

Third-party outfits that track website performance are a standard part of e-commerce. HealthCare.gov’s privacy policy says in boldface that “no personally identifiable information is collected” by these web measurement tools.

Google said Monday it doesn’t allow its systems to target ads based on health or medical history information. “We don’t want and don’t use that kind of data,” the company said in a statement. “When we learn of possible violations of this policy, we investigate and take swift action.”

Still, the outside connections surprised a tech expert who evaluated HealthCare.gov’s performance for AP.

“Anything that is health-related is something very private,” said Mehdi Daoudi, CEO of Catchpoint Systems. “Personally, I look at this, and I am on a government website, and I don’t know what is going on between the government and Facebook, and Google, and Twitter. Why is that there?”

Created under the president’s health care law, HealthCare.gov is the online gateway to government-subsidized private insurance for people who lack coverage on the job.

Tracking consumers’ Internet searches is a lucrative business, helping Google, Facebook and others tailor ads to customers’ interests. Because your computer and mobile devices can be assigned an individual signature, profiles of Internet users can be pieced together, generating lists that have commercial value.

Third-party sites embedded on HealthCare.gov can’t see your name, birth date or Social Security number. But they may be able to correlate the fact that your computer accessed the government website with your other Internet activities.

Have you been researching a chronic illness like coronary artery blockage? Do you shop online for smoking-cessation aids? Are you investigating genetic markers for a certain type of breast cancer? Are you seeking help for financial problems, or for an addiction?

Daoudi’s company — Catchpoint Systems— came across some 50 third-party connections embedded on HealthCare.gov. They attracted attention because such connections can slow down websites. They work in the background, unseen to most consumers.

The AP was able to replicate the results. In one 10-minute visit to HealthCare.gov recently, dozens of websites were accessed behind the scenes. They included Google’s data-analytics service, Twitter, Facebook and a host of online advertising providers.

Aldo Cortesi, a security consultant who reviewed the AP’s findings, found a number of third-party trackers that could log a user’s actions in detail. Cortesi said there can be legitimate uses for such trackers, but said questions linger over the level of detailed information that could be sent to private parties.

“I think that this could erode … confidentiality when dealing with medical data and medical information,” said Cooper Quintin, a staff technologist with the Electronic Frontier Foundation, a civil liberties group. He also reviewed the AP’s results.

HealthCare.gov is currently serving consumers in 37 states, while the remaining states operate their own insurance markets.

  • Facebook
  • Twitter

Leave a Comment

Recent News

Color Of Money

Pennsylvania governor seeks more money for schools and transit, but relies heavily on surplus cash

February 10, 2025

Share Tweet Email Governor Josh Shapiro presents his 2025-26 budget proposal to the Pa. General Assembly, as...

Seniors

How Type 2 inflammation contributes to asthma, COPD, and allergic conditions

February 3, 2025

Share Tweet Email BPT Do you live with persistent, moderate-to-severe asthma, COPD, allergies, eczema or hives? Inflammation...

SUNrise

cj speaks…Celebrating in forgiveness for Black History Month

February 10, 2025

Share Tweet Email By cj “This is the day the Lord has made; we will rejoice and...

Week In Review

Black History Month explained: Its origins, celebrations and myths

February 10, 2025

Share Tweet Email This undated photo provided by the Association for the Study of African American Life...

Commentary

Commentary: The Retirement Party

January 19, 2025

Share Tweet Email President Joe Biden speaks about student loan debt at Madison College, April 8, 2024,...

Health

What you need to know about glaucoma

February 10, 2025

Share Tweet Email FAMILY FEATURES More than 4.2 million Americans live with glaucoma, a leading cause of...

The Philadelphia Sunday Sun Staff