Healthcare.gov Exposes Users’ Sensitive Personal Data
Healthcare.gov and the 16 state Obamacare exchanges may still be clunky at signing up people for health insurance, but they’re just great at exposing their sensitive personal user data. According to a February 5 Advertising Age report, Big Brother isn’t just watching – he’s blabbing. And to advertisers, no less.
“People visiting Healthcare.gov, Colorado’s ConnectForHealthCO, California’s CoveredCA or NYStateofHealth lately might get more than information on health insurance plans,” warns Kate Kaye. “They might get ads on Facebook or just about anywhere else they’re traveling online, based on the fact that they visited the health sites.”
The second week of this year, from January 7 through 14, there were some 52 outside data tracking systems installed and active on Healthcare.gov, observed Ghostery, a firm that evaluates how many tracking technologies are on websites and where the information they track goes in real-time. Then, the federal Center s for Medicare and Medicaid Services (CMS) sprang into action – enhancing the encryption on healthcare.gov’s Window Shopping calculator and limiting the amount of private information flowing to third parties for analytics and advertising. But limiting isn’t quite the same as eliminating. By the week of January 24 through 29, that flow of sensitive data had been limited to the mere trickle of 25 trackers, including Twitter Advertising, RocketFuel, Advertising.com, Facebook, and Google-owned Doubleclick. Feel better now?
Maybe the reason the feds at CMS failed to eliminate this hidden tracking is that they’re aiding and abetting it. As CMS Director & Marketplace CEO Kevin Couhnihan admitted in a January 24 press release, “One of the most cost-effective and best ways to reach the uninsured is through digital media and advertising. To do this well, we have contracts with companies that help us to connect interested consumers to HealthCare.gov and continuously measure and improve site performance and our outreach efforts.”
The main “outreach efforts” those third parties improve are their own. Once they capture a consumer’s personal data, they pass it on to advertising exchanges for a process called retargeting, which lets advertisers place banner ads on other websites you visit, send you emails and even badger you with live and robocalls.
If you live in one of the 16 states with their own Obamacare exchanges, your personal data may be even more of an open book. “Several statewide sites established as a result of the Affordable Care Act are also flooded with outside commercial technologies that cookie site visitors and pass that data along to ad-tech partners,” Ad Age reports. Last month, the number of hidden trackers on Colorado’s Obamacare exchange grew to 32. California’s has 23. Rhode Island’s had eight and Oregon’s seven. The remaining 12 states’ exchanges each had five or fewer.
But even one can be too much. As AdAge notes
[O]ne thing is clear: many of the technologies whose tags are embedded on these sites are not used for site operations or analytics purposes, but for advertising. That means at the most basic level, ad technologies tracking visitors to the federal and state health sites can help advertisers such as insurance brokers or other health or medical companies target ads to people who visited government healthcare sites, adding them to audience segments based on interest in health insurance or specific health and medical services.
For instance, both New York’s and Colorado’s health sites were spotted with Facebook Exchange tags in the last week of January. At the very least, that would enable the state sites themselves to send ads to people who have visited those sites, while they’re on Facebook.
Simply expressing interest in health coverage and providing contact information to some state sites including CoverOregon, can result in a barrage of phone calls from health insurance brokers that receive those sales leads through the site.
Justin Brookman, director of the Consumer Privacy Project at the Center for Democracy and Technology, “Given that they collect such sensitive data, and given that they’re government services where people might not have a choice about visiting, I feel like these sites should really only share data with third parties when absolutely necessary,” Justin Brookman, director of the Consumer Privacy Project at the Center for Democracy and Technology, declared.
Making you part of a captive target audience for what Ghostery CEO Scott Meyer likens to “a multichannel strategy” for “a big digital marketing campaign” isn’t exactly necessary. It’s just another overreaching way to put your tax dollars to work.