A new report by the Associated Press reveals that the federal government’s health-care website has been sharing users’ personal data with “dozens” of third-party entities, including advertising companies. While the companies are prohibited from using the collected data for personal or business gains, the Obama administration did not explain how it would monitor the companies’ use of the data and enforce that policy.
The administration says that it works with other companies to enhance the user experience of HealthCare.gov, but a former official familiar with the process of government websites working with third parties said that the amount and type of information being provided exceeds the usual standards for quality control of the site. Theresa Payton, who served as White House chief information officer in the Bush administration, warned that enhanced analytics can be used to identify individuals even if third parties are only provide limited information.
“You don’t need all of that data to do customer service,” she told the AP. “We know hackers are just waiting at the door, salivating to get at this data.”
The AP notes that some companies were receiving “highly specific” information, which includes age, income, and health information, such as whether the individual is a smoker. From there, third parties have the capacity to determine other identifying information.