State Health Care Exchanges Found Sharing Sensitive User Data with Tech Companies
Health & WellnessUS News

State Health Care Exchanges Found Sharing Sensitive User Data with Tech Companies

34

TL/DR –

State-run health care websites in Nevada, Maine, Massachusetts, and Rhode Island have been sharing users’ sensitive health data with firms such as Google and LinkedIn. These sites were designed to provide a simple way for people to shop for insurance, and ask users questions about their health histories to help find the most relevant information on plans. An audit by The Markup and CalMatters discovered that when users responded to sensitive health queries, invisible trackers sent that data to platforms like Google, LinkedIn, and Snapchat.

Health Exchanges Share Users’ Private Data

Investigations by The Markup and CalMatters have discovered that state-run health care websites across the US have been covertly sharing users’ confidential health data with Google, LinkedIn, and other social media corporations. The health exchanges of Nevada, Maine, Massachusetts, and Rhode Island were found to have shared sensitive user data, including prescription drug names and dosages.

How Was the Data Shared?

The health exchanges, established under the Affordable Care Act, request users to answer a range of questions about their health histories to find the most suitable health coverage plans. However, the trackers embedded in these websites sent the users’ responses to platforms like Google, LinkedIn, and Snapchat. The data was dispatched by website trackers.

Case Examples

Nevada Health Link, the health exchange of Nevada, which asks users about their drug prescriptions to help them find the best health insurance options, was found to have sent users’ answers to LinkedIn and Snapchat. Similarly, Maine’s exchange, CoverME.gov, sent information regarding drug prescriptions and dosages to Google via an analytics tool. Additionally, it also sent the names of doctors and hospitals that individuals had previously visited. Rhode Island’s exchange, HealthSource RI, and Massachusetts Health Connector were also found to have shared sensitive health data.

How Did The Exchanges Respond?

Nevada’s health exchange discontinued sending visitors’ data to Snapchat and LinkedIn after being contacted by The Markup and CalMatters. Likewise, Massachusetts ceased sending data to LinkedIn. Upon being confronted, all of the exchanges argued that individually identifiable health data, such as names and addresses, weren’t sent to third parties. However, each tracker discovered by The Markup and CalMatters logged individual visitor details like their operating system, browser, device, and visit timings.

Tech Companies Respond

Responding to the revelations, tech corporations whose trackers were scrutinized stated that they prohibit organizations from sending them potentially sensitive health data and that doing so goes against their terms of use. They all asserted that they do not seek to identify individuals based on the data received.

Further Incidents

The health exchanges aren’t the only ones found to have shared medical information with social media firms. In 2022, The Markup reported that dozens of hospital websites had shared information with Facebook’s parent company, Meta, via a tool called the Meta Pixel. In 2023, a New York hospital was fined $300,000 for violating the Health Insurance Portability and Accountability Act (HIPAA).


Read More Health & Wellness News ; US News

You might also like More from author