back to top

HealthCare.gov Restricts Access To Personal Data After Privacy Concerns Surface

The website, which serves as an online market exchange for health coverage, was sharing some details about its users with third party data firms. But an Associated Press analysis on Friday found that the site had new restrictions on the data it was sharing.

Originally posted on
Updated on

The Obama administration has scaled back the amount of consumer information that HealthCare.gov shares with private companies.

The changes to the website were made after the Associated Press reported earlier this week that the government health care website was sharing personal information, including users' age, income, ZIP code, and other data.

But by Friday, the amount of information flowing from the site to private companies had been restricted, the AP reported. Obama administration officials did not comment on the changes, but the AP confirmed the changes with the Electronic Frontier Foundation, a civil liberties group.

The government's health insurance website for the Affordable Care Act, HealthCare.gov, is passing along consumer info to outside firms that focus on advertising and analyzing data for performance and marketing, the Associated Press reported Tuesday.

When a user applies for coverage on the website, outside data firms are sent information about the person, including age, income, zip code, smoking habits, pregnancy status, and more.

The information can also include a computer's IP address, which could lead to identifying a person's name or address. It's not clear what other information may be accessible.

The AP report came as President Obama planned to announce new initiative during Tuesday's State of the Union address to protect personal data online against hackers.

The government said the information being disseminated by HealthCare.gov is being used to analyze and improve the consumer experience, and outside firms are not allowed to use the data for their own interests. Third parties that are able to access the data include Google, Twitter, and many online advertising providers.

The AP reported that there is no evidence the personal data has been misused, but it raises specific concerns regarding online privacy. Google and other companies tailor ads to users' interests based on previous internet activity that has been tracked on a computer or mobile device.

Although, Obama spokesman Aaron Albright said outside vendors "are prohibited from using information from these tools on HealthCare.gov for their companies' purposes."

The revelation prompted two high-ranking senators to call on the Obama administration to explain how its ensuring that user data is being protected.

In a letter to the White House, U.S. Senators Orrin Hatch (R-Utah) and Chuck Grassley (R-Iowa), HealthCare.gov contains "very sensitive information about millions of Americans."

"Individuals should know that when they use Healthcare.gov, their information is being properly protected," the senators wrote.

In their letter, Hatch and Grassley asked Centers of Medicare and Medicaid Services Administrator Marilyn Tavenner to respond to their request in September for more information on the security of HealthCare.gov.

They asked for a response to that request by Feb. 3.

"Sharing information for unofficial purposes is completely unacceptable," the letter stated.

The Obama administration has yet to explain how it is protecting users' privacy or how it knows third parties are complying with security policies.

Michelle Broder Van Dyke is a reporter and night editor for BuzzFeed News and is based in Hawaii.

Contact Michelle Broder Van Dyke at michelle@buzzfeed.com.

Jacob Fischler is a political reporter for BuzzFeed News and is based in Washington, D.C.

Contact Jacob Fischler at jacob.fischler@buzzfeed.com.

Got a confidential tip? Submit it here.