According to the Associated Press, when a user applies for healthcare coverage, dozens of data companies with embedded connections within the site are able to track that person’s information, including address and zip code, age, even whether or not that person smokes.
This is despite the fact that the site announces in rather bold typeface, "no personally identifiable information is collected" from users.
Medicare spokesman Aaron Albright said outside vendors "are prohibited from using information from these tools on HealthCare.gov for their companies' purposes," insisting instead that data is used anonymously to gauge user experience and site performance. But the AP was not able to confirm with the administration how user privacy and security policies were being followed.
The only information not tracked on HeathCare.gov are users’ names and social security numbers.
"Anything that is health-related is something very private," tech expert Mehdi Daoudi, CEO of Catchpoint Systems, told AP. "Personally, I look at this, and I am on a government website, and I don't know what is going on between the government and Facebook, and Google, and Twitter. Why is that there?"
While there is no evidence that data collected from HealthCare.gov has been misused, the number of private firms with access to user information sets off alarms for many privacy experts.
"As I look at vendors on a website…they could be another potential point of failure," said corporate cybersecurity consultant and former White House chief information officer under President George W. Bush, Theresa Payton. "Vendor management can often be the weakest link in your privacy and security chain."
Third-party outfits that track website performance are commonplace in the growing world of e-commerce. Facebook and Google harness user data to allow their advertisers more targeted access to their customers. And while HealthCare.gov may not know your name, it may be able to associate your visit to HealthCare.gov with other activity on your computer, according to AP.
HealthCare.gov serves consumers in 37 states, and the administration has a target of signing up 9.1 million people through the insurance exchanges. With the final 2015 enrollment deadline for subsidized private coverage coming up on February 15, the rush of last-minute enrollees should provide data companies with plenty of raw material in the coming weeks.
