Healthcare.gov Sends Personal Data To Over a Dozen Tracking Websites

An anonymous reader tips an Associated Press report saying that Healthcare.gov is sending users' personal data to private companies. The information involved is typical ad-related analytic data: "...it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer's Internet address, which can identify a person's name or address when combined with other information collected by sophisticated online marketing or advertising firms." The Electronic Frontier Foundation confirmed the report, saying that data is being sent from Healthcare.gov to at least 14 third-party domains.

The EFF says, "Sending such personal information raises significant privacy concerns. A company like Doubleclick, for example, could match up the personal data provided by healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are. It could do all this based on a tracking cookie that it sets which would be the same across any site you visit. Based on this data, Doubleclick could start showing you smoking ads or infer your risk of cancer based on where you live, how old you are and your status as a smoker. Doubleclick might start to show you ads related to pregnancy, which could have embarrassing and potentially dangerous consequences such as when Target notified a woman's family that she was pregnant before she even told them. "

Who expected differently?

You didn't need to be a drooling FoxNews zombie to see that Healthcare.gov was a bad idea.

Re:Who expected differently?

no, but you needed to not be a drooling MSNBC idiot. Granted their viewership is under a 600K people so I wonder how the hell this idiot get elected president

He's the right color so the greatest PR money could buy convinced tons of poor innercity blacks that this Harvard law professor really understands what life is like in the ghetto, is truly one of their own, and really wants to help them gain opportunities and is not a member of the monied political class at all. Automatically getting about 13% of the vote is a great start to any campaign, that plus the approximately 50% who vote Democrat anyway and you get to be president.

Till we actually have a colorblind society and stop playing groups against each other divide-and-conquer style, expect more of the same. The goal is that something other than reason and fitness for the job become the main voting criteria. They do it because it still works. Oh and anybody who thinks a candidate endorsed by either major party is going to really change the status quo is just plain stupid. The purpose of the major parties is to maintain the status quo and see that it changes only very slowly, with only major movements backed up by tremendous perserverence (i.e. women's suffrage, the Civil Rights Movement) able to actually change anything, that way the various monied interests that put candidates into office feel like their investments are protected. It isn't about representing you at all.

Re:Who expected differently?

[jandersen]

You didn't need to be a drooling FoxNews zombie to see that Healthcare.gov was a bad idea.

But the reason it is a bad idea is not that all government does is bad - rather this illustrates why things like this should be managed by a body that is guaranteed to not be in bed with business and is stricly regulated. Whether or not this can be called corruption in the legal sense, it certainly is morally corrupt.

Re:Who expected differently?

"Till we actually have a colorblind society and stop playing groups against each other"

Never going to happen -- there is just too much power and money to be made in dividing people into groups and pitting them against each other - and not always in a deathmatch style. You just need to convince a group that they are special or deserve something another group has....rinse and repeat per group.

Re:Who expected differently?

There is no such thing as "a body that is guaranteed to not be in bed with business."

Also, "strictly regulated" often just means "whitewashed by some taxpayer-funded agency with no teeth."

Rather than "strictly regulated" we need "transparent and publicly accountable" in order to resist corruption.

Re:Who expected differently?

They don't? When did that stop?

Re:Who expected differently?

[Tailhook]

Because Dems don't look to their angry leftist commentators to be told how to think?

Sharpton's regular broadcast just started as I read your bullshit. I listen to his hate mongering on WVON out of Chicago. You have no idea what you're talking about.

The callers are the best part. They've all been filled with hate from birth and many of them want violence.

Re:Who expected differently?

[Archangel+Michael]

Tell me, when is Government not in bed with business? Crony Capitalism is no better than a corrupt Bureaucracy that targets citizens, instead of serving them.

Government isn't the solution to problems, it is largely responsible for them. Here is the process.

People complain about problem, government "Fixes" the problem, but generates three new problems. Repeat.

And fixing the problems government creates is as simple as raising taxes and giving the money away to voters. All those programs and shit that we spend inordinate amounts of money on, are not solving the problems they were created for. War on Poverty/Great Society hasn't stopped poverty, and from the looks of it (where I am) it is actually worse now than I have ever seen since Jimmy Carter.

But you all keep believing government is going to solve the problems it created, but I think that is pure insanity.

Re:Who expected differently?

[vux984]

He's the right color so the greatest PR money could buy convinced tons of poor innercity blacks that this [successful person] really understands what life is like in the ghetto, is truly one of their own, and really wants to help them gain opportunities and is not a member of the monied political class at all. Automatically getting about 13% of the vote is a great start to any campaign, that plus the approximately 50% who vote [Republican] anyway and you get to be president.

It's so simple, kids, and that's why we have President Herman Cain. And its why all the last six presidents have been black. black vote + 50% partisan vote... its just an unbeatable combo.

Nice theory you got there, but reality turns out to be just a little more complicated. Now if voters were frictionless spheres in a vaccuum... then maybe you'd have something.

Re:Who expected differently?

The problem (of government more-or-less selling private health data) isn't one that affects governments universally by any means. The US unfortunately just has a particularly nasty crony capitalism problem.
The UK government has lunged in that direction with data being sold (without name, but with DOB and postcode) to actuaries. The result was uproar, but the practice has continued, so certainly the US government is certainly not the only one engaging in this nonsense.

However, they are the exceptions, not the rule.

Re: Who expected differently?

[NickGnome]

"things like this should be managed by a body that is guaranteed to not be in bed with business and is stricly regulated."
...

"There is no such thing as 'a body that is guaranteed to not be in bed with business'."

A dead body might be in bed with a business, and yet not corrupt (or perhaps you were thinking about Obummer's and Shrub's Communist Corpse effort to pervert education, now there's a corrupt body). But experience shows that any other body -- government or business -- in such a scheme is virtually certain to be corrupt... in the immediate sense of demanding and then spreading around personal private data.

Re:Who expected differently?

[jandersen]

Tell me, when is Government not in bed with business?

I don't know. I think a better question is HOW: how can we achieve that? I'm all for free market and enough inequality to drive people's ambition to better themselves, but free markets have, without exception, always become corrupted, so they support only monopolies in the end, and inequality tends to grow in the same way: hence the recent news that the richest 1% very own > 50% of all wealth globally.

Somewhere in the solution to this, democracy looms large, but democracy only works if the overwhelming majority play by the rules, and if everybody actually cares. And, as another answer states, transparency is crucial in ensuring that both of these factors can be realised.

But you all keep believing government is going to solve the problems it created, but I think that is pure insanity.

Good government CAN solve the problems, but good government does not exist unless people are willing to put in the effort to make it happen.

Re:Who expected differently?

[lonecrow]

should have went single payer and avoided this hybrid wierdness

Big Brother & Max Headroom all in one.

[Z00L00K]

There's nowhere to escape the targeted ads and you can't turn them off.

Re: Big Brother & Max Headroom all in one.

Give up your American citizenship.

Re:Big Brother & Max Headroom all in one.

[fxsoap]

your only hope is that Adblock Plus will work when your health is involved

who cares

Why should I care about privacy when there's more important issues in the world like getting mayonnaise recognized as a legitimate gender?

Jeez you tinfoilers really are autistic.

Sincerely,
mayo-sha, the mayokin blogger
(LEARN MY PRONOUS: mayo, mayor, mayo)

Can anyone think of

a bigger fuckup than Obamacare?

Re:Can anyone think of

Slashdot Beta

Re:Can anyone think of

systemd

Re:Can anyone think of

Iraq war.

Re:Can anyone think of

a bigger fuckup than Obamacare?

Obama?

Re:Can anyone think of

[B33rNinj4]

TARP comes to mind.

Re:Can anyone think of

[l3v1]

Lehman Brothers...

Re: Can anyone think of

Linux on the desktop

Re:Can anyone think of

Repealing Glass-Steagall?

Re:Can anyone think of

You can blame the republicans for that, more than one way.

Re:Can anyone think of

[ultranova]

Given that half of the government is trying to actively sabotage Obamacare for ideological reasons, should its problems be considered failures or successes?

But to answer your question, just wait until Republicans get the presidential seat too. They can't outright repeal Obamacare, since it has already benefited enough people to make that a political suicide, but they can cause "unfortunate fuckups" to slowly erode it away.

We might be in for stormy weather, with Republicans in the US, various extremist movements rising as people get fed p with austerity in Europe, Islam being used to recruit cannon fodder fodder for various megalomaniacs empire building projects here and there, Chinese government trying to retain dictatorship while its economy starts catching up the rest of the world and the boom consequently fading...

Re:Can anyone think of

[Jawnn]

a bigger fuckup than Obamacare?

You keep using that word. I do not think that it means what you think it means. Unless, of course, you consider the failure to implement a more efficient single-payer system to be a "fuckup". On that, we'd agree, but for the vast majority of Americans, The Affordable Care Act is a net win as is.

Re:Can anyone think of

TARP actually made a profit because in exchange for cash it got shares of the companies it was bailing out. It then sold those shares back for more than the cash it gave out. That plus the companies not going out of business most folks would call a success, not a fuckup.

Re:Can anyone think of

Without the specifics, here is what I'd like to see.

Single-payer universal health care based on a Medicaid/Medicare hybrid.
Prescription drug patent reform
New requirements for colleges in order to receive federal aid, such as a cap on what percentage can go toward "administrative" costs.
A carefully-crafted negative income tax aimed at those 22+ years old.
Cap federal student loans at inflation based on CPI
Start requiring that all congressional districts be drawn "as square as possible".
Automatic ballot-access for presidential elections for the previous top six vote getters. By party or independent.
First two years of college free based on the average tuition rate... capped at qualified tuition only.

Re:Can anyone think of

Reaganomics

Re: Can anyone think of

You.

Re:Can anyone think of

[rickb928]

You can blame the Democrats for that, more than one way:

Bill Clinton signed this into law.

S.900 passed the Senate with 52 Republican votes and 38 Democrat votes, and the House with 207 Republican votes and 154 Democrat votes.

The Republicans did hold a majority in Congress, 223 Republicans, 211 Democrats, one Independent in the House, 55 Republicans to 45 Democrats (mostly) in the Senate.

Claims that the Republicans passed this would have to ignore the Democrat involvement.

Re:Can anyone think of

[AK+Marc]

Reagan's 3 treasons. Or the fact that the US people voted in a senile president suffering from dementia.

Re:Can anyone think of

[Curunir_wolf]

TARP actually made a profit because in exchange for cash it got shares of the companies it was bailing out. It then sold those shares back for more than the cash it gave out. That plus the companies not going out of business most folks would call a success, not a fuckup.

It's a "success" if you love the businesses that got TARP money, but a massive failure if you don't. Most businesses that fuckup on such a massive scale end up bankrupt, with assets going up for fire sale prices to people that did NOT fuckup. The fact that most of those businesses also fucked over a lot of OTHER people before getting their massive capital infusion (which they parleyed into even greater profits).

Re:Can anyone think of

[Archangel+Michael]

benefited enough people

It has hurt enough people that it is not suicide.

Re:Can anyone think of

[Archangel+Michael]

Forget Jimmy Carter much? Reagan has as much to do with the failure of Carter as anything. Yeah, Carter, the person that Democrats never remember.

I blame Republicans for Obama, as much as I blame Clintons (both of them) for Obama. But Democrats were all "hopey and changey" gaga over Obama, that they clearly have the lead on his failures. And keeping Nancy Pelosi "you have to pass it to read it" and Harry Reid as leaders clearly show how much Democrats hate America.

The Republicans aren't much better keeping Mitch and John in power either.

GAHHHH I hate both parties almost equally.

Re:Can anyone think of

[tnk1]

I think we need to break this down.

Having a business go under is an incredibly shitty thing. You do want to avoid that, if you can.

The problem is not that these businesses still exist, it's that the people who ran those businesses had no negative impact for running those businesses _badly_. Therefore, bad management and short term thinking is rewarded.

If there is a structural problem with those businesses, or their product is no longer needed (like buggy whips), I can understand letting them go under. For everything else, it is almost always who is running the business, as opposed to the business itself, which is the problem.

Re:Can anyone think of

[anagama]

I don't know why people keep calling it Obamacare, it's Nixoncare. http://www.salon.com/2013/10/2...

Today's democrats make Nixon look like a pot smoking hippie -- they've managed to engage in more war than he did, more massive surveillance than he did, and give away more money to private corporate interests than even GWB managed to do.

Re:Can anyone think of

[fahrbot-bot]

benefited enough people

It has hurt enough people that it is not suicide.

Citation seriously needed - from a reputable source. On balance, if you investigate this honestly, I suspect you'll find that the ACA has helped more than it has hurt. Sure, some people have had to pay higher premiums, but it is almost always for better coverage, and many people complaining didn't have any insurance, but now have coverage - especially people needing Medicaid. Ironically, people in Red states have benefited more than those in Blue states.

Here's a citation: Is the Affordable Care Act Working?, from 10/2014, quoting:

1. Has the percentage of uninsured people been reduced?
   Answer: Yes, the number of uninsured has fallen significantly.
2. Has insurance under the law been affordable?
   Answer: For many, yes, but not for all.
3. Did the Affordable Care Act improve health outcomes?
   Answer: Data remains sparse except for one group, the young.
4. Will the online exchanges work better this year than last?
   Answer: Most experts expect they will, but they will be tested by new challenges.
5. Has the health care industry been helped or hurt by the law?
   Answer: The law mostly helped, by providing new paying patients and insurance customers.
6. How has the expansion of Medicaid fared?
   Answer: Twenty-three states have opposed expansion, though several of them are reconsidering.
7. Has the law contributed to a slowdown in health care spending?
   Answer: Perhaps, but mainly around the edges.

Re:Can anyone think of

[Coren22]

Start requiring that all congressional districts be drawn "as square as possible".

The funny thing is that often those funky borders come from laws passed by Democrats to try and get minority districts in majority Republican states. It is quite rarely able to be attributed to actual gerrymandering like you are trying to indicate.

Re: Can anyone think of

And Chrysler bought by Fiat...

Why?

The only purpose it serves is to completely erase all trust. Who gets fired?

Re:Why?

[jakimfett]

Suggestion: Everyone go report this as a HIPAA violation.

Re:Why?

[Archangel+Michael]

Can you sue the Government over HIPAA violations in ObamaCare? Would Obama let you?

Re:Why?

You can file a suit against anyone. Whether a judge will accept that you have standing is another matter, and Obama will probably take time from being confused about who owns stocks to whine about sovereign immunity.

Re:Why?

Makes sense to me. As far as I'm concerned smoking status is health information when disclosed to a health care provider and pregnancy status sure as hell is private health info. In order to provide us with better health care through big data, we will no longer be permitted to have medical secrets that aren't available in an online database. It's for the children.

Re:Why?

Sovereign Immunity says no. The government can do as it likes, move along citizen.

Re:Why?

The website operates in a loop hole area because it does not provide health care - so it is not subject to HIPPA

remember you have to pass the bill to see what is in it

Wow... Just "no".

[pla]

In what universe does a government website selling personal info to advertisers count as even remotely fucking acceptable???

This doesn't "raise significant privacy concerns", it sends a great big middle finger to the American public from its own elected officials. I don't care about the "potential" for misuse - I care that someone even considered the possibility of using healthcare.gov to siphon off PII.

Uncle Sam needs to retire.

Re:Wow... Just "no".

[gstoddart]

In what universe does a government website selling personal info to advertisers count as even remotely fucking acceptable???

One in which some asshole has decided it needs to run for a profit, or on a cost recovery basis ... and with zero regard for patient confidentiality.

I agree with you, and any sane country with privacy laws would be appalled -- and you'd expect this to violate some HIPAA laws.

Essentially this demonstrates the problems with analytics -- is some asshole you don't have anything to do with gets to know everything you do and everything about you.

That's utterly insane, and if it isn't, it should be illegal.

But somehow it seems that ensuring the profits of corporations is more important than privacy and the act of restricting what corporations do is unthinkable to some.

Re: Wow... Just "no".

In this case, that asshole is a Democrat.

Re:Wow... Just "no".

[DarkOx]

Why are you surprised the entire 'Affordable' care is really just a pile of giveaways to certain monied interests.

I mean come on the left the private insurance industry in place, while all but forcing the public to buy their product. The left them with the ability to set rates. The only real encouragement for them not gouge, is fear of political back lash AND essentially a government grantee that if they do somehow lose money they will be make whole.

There essentially no controls on the medical tort industry in it.
Nothing was done manage increasing drug costs
The medial device tax, the like one thing that industry might not like, is suspended.
Piles of money were spent hiring the incompetent to build the exchange.

The entire thing is theft all the way up and down.

Re:Wow... Just "no".

I don't give a fsck about targeted advertisements (though it is unforgivable that the government provides personal information to private companies). However, the potential for that information to reach insurance companies, employers and other such entities is absolutely scary.

Privacy is like virginity: you lose it only once.

Re:Wow... Just "no".

[jellomizer]

Give me a H
Give me an I
Give me a P
Give me an A
Give me an A

What does that spell HIPAA
What does that mean! The government should fine itself!

I think if the government needs to fine itself, they should refund the money back to the tax payers for services failed to render.

Re:Wow... Just "no".

In what universe does a government website selling personal info to advertisers count as even remotely fucking acceptable???

In a world where this is "industry standard". Install the "RequestPolicy" plugin and prepare for your jaw to drop. The IT industry has made an unholy pact with advertisers and data miners. It is absolutely shameless. Remember that story from yesterday, "Google Thinks the Insurance Industry May Be Ripe For Disruption"? There isn't a web site that doesn't load the Google analytics script. The most prolific data miners are thinking about entering the insurance business, and you think a health care web site ought not track you every way it can...

Re: Wow... Just "no".

[gstoddart]

In this case, that asshole is a Democrat.

You're absolutely correct:

The Obama administration says HealthCare.gov's connections to data firms were intended to help improve the consumer experience. Officials said outside firms are barred from using the data to further their own business interests.

Just fucking wow.

The stupidity inherent in this choice is beyond belief.

Re: Wow... Just "no".

Your government. Brought to you by the insurance industry and big pharma.

A failing bank wrote the recovery act. Insurance companies wrote the AHA. What did anyone really expect to happen. 1100 pages that no one read before voting on the bill. I expect that somewhere in that document is the statutes that allow it happen.

Re:Wow... Just "no".

[Guy+From+V]

Here's a Ycombinator discussion on this very thing...

https://news.ycombinator.com/i...

Re:Wow... Just "no".

[BarbaraHudson]

In what universe does a government website selling personal info to advertisers count as even remotely fucking acceptable??? This doesn't "raise significant privacy concerns", it sends a great big middle finger to the American public from its own elected officials. I don't care about the "potential" for misuse - I care that someone even considered the possibility of using healthcare.gov to siphon off PII. Uncle Sam needs to retire.

There is zero evidence that this data is being used for advertising purposes - the article makes a lot of speculation. For example:

to private companies that specialize in advertising and analyzing Internet data for performance and marketing,

For example, IBM does both - but they also do pretty good data analysis. Would you rather it goes to some 3rd-world country for analysis (because you can be pretty sure it will be sold)?

Now, I'm not saying there's nothing to see here - but is it just fog that will dissipate in the morning sun or smoke that indicates a fire? Can't tell from the article, because it's almost al speculation and what-ifs.

Re:Wow... Just "no".

[Gravis+Zero]

I agree with you, and any sane country with privacy laws would be appalled -- and you'd expect this to violate some HIPAA laws.

That's utterly insane, and if it isn't, it should be illegal.

i think it actually might be violating HIPAA. someone should be going to jail for this, whether they do or not is a different matter.

Re:Wow... Just "no".

[XxtraLarGe]

I think if the government needs to fine itself, they should refund the money back to the tax payers for services failed to render.

Laws are for other people. When the government does it, it's different. If you think this is bad, just wait until they nationalize the internet under the guise of "net neutrality".

Re:Wow... Just "no".

[Actually,+I+do+RTFA]

In what universe does a government website selling personal info to advertisers count as even remotely fucking acceptable???

Probably the universe where a bunch of assholes insist that the federal government not use in-house personnel to build this website, and instead outsource it to the lowest bidder... who is lowest because they valued and counted on this additional revenue stream?

Uncle Sam needs to retire.

Uncle Sam needs to get his ass off the bench, and stop outsourcing all it's functionality to private companies who do this shit.

Now, the government was complicit in allowing this. But I think that if it weren't outsourced to a company attempting to monetize everything, no one would think of this.

Re:Wow... Just "no".

[Sir_Substance]

I actually see this not as the fault of elected officials, but the fault of software developers.

There is something pretty profoundly wrong with our industry. Someone coded this monstrosity. Someone coded prism. Someone coded a backdoor into every linksys router. Apparently, those someones thought their actions were ok enough to not refuse the job, or they feared that if they didn't do it, they'd be fired and someone else would do it anyway.

We need to take a group stand against unethical software development.

Re:Wow... Just "no".

[budgenator]

They sent the info to 14 different companies,
HIPAA violation is due to willful neglect and is not corrected, Minimum Penalty, $50,000 per violation, with an annual maximum of $1.5 million; Maximum Penalty, $50,000 per violation, with an annual maximum of $1.5 million;
is a $1.5M fine going to phase either the USG or that rogue's gallery of internet advertiser's? We probably spend more than $22.5M on brake pads for fighter jets each year.

Re:Wow... Just "no".

I'm sure doubleclick does excellent data analysis as well but they do not do it for your benefit.

The list of companies in the EFF article are not companies known for data analysis to find patterns resulting in better treatment. They are all companies that do data analysis to sell advertising. Twitter, Yahoo, and Youtube need to know someone is shopping for healthcare? The only one not on the list is facebook (unless they own one of the others).

Re:Wow... Just "no".

[mrchaotica]

There is zero evidence that this data is being used for advertising purposes - the article makes a lot of speculation.

Bullshit. The fact that the information gets sent at all is prima facie evidence that it's being abused. The burden of proof is on the government to justify it.

Re: Wow... Just "no".

Stop assuming stupidity, start assuming the motive here is homicidal malice, and you are much closer to the truth.

Re:Wow... Just "no".

That's utterly insane, and if it isn't, it should be illegal.

Of course it is illegal, but our government has claimed again and again over the past couple of decades that it is above the law and "the people" have shown again and again that they are willing to accept that. All for the children and terrorists, of course.

Re:Wow... Just "no".

While we're at it, could we also take a stand against writing shitty, unmaintainable software while we're at it.

And do you really think the guilty developers would care?

Re:Wow... Just "no".

There isn't a single process that can't be made more profitable by siphoning the data off into advertising. It doesn't even matter what the core business is - if you have data you're obliged to monetize it. If you fail to do that then your business will rapidly die to the next business that *will* monetize that data. Advertising is that magic tap you can just turn on and dollars flow out. It's a money tree, and there's no penalty for using it any time you get chance.

Now - invent a penalty for using that magic money tree. Then enforce that penalty. Then you might get some traction.

The other thing that's interesting is that they're selling income information. In an age where I'm contractually obliged to not divulge my salary information to anyone (strictly verboten, firing offense) and it seems everyone but the guy in the next cube seems to know my salary. Heck, the American Family Survey has the sole purpose of doing this except they try to forcibly extract information under a false threat of legal sanctions (The penal codes they quote are utterly meaningless). Then they take that information and sell it. Really personal stuff like what time you go to work and how many times you take a shit in a day. It's quoted as a "civic planning tool" but you'd be foolish to think someone isn't making some bank out of that game. This is apparently "good business" in America.

Re:Wow... Just "no".

You know, like how medical ethics totally prevented the CIA from finding doctors willing to help out with torturing people.

Re:Wow... Just "no".

Don't you know by know laws don't apply to government or elected officials.

Re: Wow... Just "no".

[halivar]

Not really, most of the ACA was recycled Republican ideas, complete with bending over for the insurance companies and using private contractors to build the web site.

This is said repeatedly, and yet the previous administration, with a Republican house and senate, never advanced a bill for it, and not a single Republican voted for it when a bill for it finally was.

Re: Wow... Just "no".

[ganjadude]

Not really, most of the ACA was recycled Republican ideas,

People keep saying this, but its simply not true, unless you try and say that what a republican said was ok for the state to do is also ok for the fed to do, which is exactly the opposite of the truth. to some people, the 10th amendment still matters

Re:Wow... Just "no".

[ganjadude]

per violation. 1.5 million bucks times however many people are signed up through the website.

Re:Wow... Just "no".

[ganjadude]

frankly it doesnt matter WHAT they do with the data, HIPPA says they cant share any of it

Re: Wow... Just "no".

[ganjadude]

I mean by that same logic, I think that its perfectly fine to share my money with my friends. That does not mean that I said its ok to share my money with everyone else.

Re: Wow... Just "no".

[g0bshiTe]

That doesn't matter to the agenda, it was a Republican idea and we had to do something.

Re: Wow... Just "no".

Not really, most of the ACA was recycled Republican ideas, complete with bending over for the insurance companies and using private contractors to build the web site.

This is said repeatedly, and yet the previous administration, with a Republican house and senate, never advanced a bill for it, and not a single Republican voted for it when a bill for it finally was.

So what? One might speculate the Republican Congress didn't want to proactively support a bill like ACA under a Democratic president (and Pres. O. in particular).

Re:Wow... Just "no".

[Chris+Mattern]

i think it actually might be violating HIPAA

Nope. Because they're not covered by HIPAA. Only "covered entities" have to comply with HIPAA privacy regulations and, guess what? The government is not a covered entity.

Re:Wow... Just "no".

[nofx911]

The government is not evening getting paid for the paid for the personal information! They are giving it away for free due to sloppy coding, such as using GET for form posting which leaks all of the fieldname/value pairs to the third party sites via the referrer header.

Then again, there could be some side deal, but from everything else that has happened with the Healthcare.gov website I think that it was just really poor design.

Re:Wow... Just "no".

[The+Fifth+Man]

"only "covered entities" have to comply with HIPAA privacy regulations and, guess what? The government is not a covered entity."

Hi, HIPAA guy here. This is most assuredly incorrect. Popular misconception though.

Per HHS' own rules, the site operates as a Business Associate and is fully covered by HIPAA.

http://www.hhs.gov/ocr/privacy...

Re:Wow... Just "no".

[fortfive]

IANAHipaa expert, but I would guess that since it is only providing anonymous info, it does not fall under hippo restrictions. That doesn't make it right, or even ethical, but it's probably not illegal.

Also, I don't think people can go to jail for HIPAA violations.

Re:Wow... Just "no".

[Ksevio]

Despite its name, healthcare.gov does not handle medical data so it can't violate HIPAA laws.

Still, it should not be doing it.

Re: Wow... Just "no".

[GrumpySteen]

This is said repeatedly, and yet the previous administration, with a Republican house and senate, never advanced a bill for it

http://www.gpo.gov/fdsys/pkg/B...

No, the previous administration didn't introduce the bill. It was introduced back in 1993 by a group of about 20 Republican sponsors. It didn't get enough traction to go anywhere.

There are a lot of similarities between the ACA and HEART, but there are differences too.

http://www.politifact.com/pund...

Re: Wow... Just "no".

[ganjadude]

no republicans have ever tried to push a bill like that on the entire country. 10th amendment

Re: Wow... Just "no".

Page one of the Democrat playbook: Blame the Republicans, no matter what!!!!

Re:Wow... Just "no".

[queequeg1]

Anonymizing protected health information (while still retaining value for person-specific marketing purposes) can be difficult (if not impossible). Here's a link to an article that talks about the kind of identifiers that would have to be scrubbed.

http://www.hhs.gov/ocr/privacy...

Scroll down to the table that describes the "safe harbor" method of deidentifying data.

Age is a problem. Additionally, if a person's identity can be as easily determined using other readily accessible information (as the summary seems to say), you also have a problem.

Re:Wow... Just "no".

Not a problem either way with this, right BarbaraHudson http://yro.slashdot.org/commen... ? Right!

Re: Wow... Just "no".

[halivar]

There's a natural tension in conservative thought between "I don't want to pay for someone else's bills" and "I don't want the government to force people to buy something they maybe can't afford." In the debate over ACA, these two modes of thought are mutually exclusive, and a lot of republicans had to decide which was more important.

Re:Wow... Just "no".

[g0bshiTe]

It's adorable that you have so much faith in the government that they wouldn't sell that data outright or you know allow it for some type of kickback.

Re:Wow... Just "no".

You mean like Texas selling information on drivers, or Florida doing the same? The funny thing is that these are states where "big government" is supposedly frowned upon.

Re: Wow... Just "no".

[njnnja]

I don't think the U.S. can afford all the health care Americans want

All discussions of the health care system needs to start and end with agreement on this quote, if nothing else. Of course we can't afford all the health care that we want; we also can't afford all of the iPhones that we want, or education, or anything, really. Economics is the study of how we allocate finite resources to try to satisfy infinite wants, and nowhere is that more stark than with health care.

Whether the method for allocating those finite resources is a price system, a queueing system, a random drawing, or otherwise, there are always trade-offs. The problem with health care is that nobody wants to acknowledge that some trade-off will be required. If you only use prices, then the poor won't get as much care as the rich. If you only use queues, then everybody will suffer with ailments during the wait. So we have this phenomenally complex system that tries to pretend that there are no limits to our medical resources, because while we are generally OK with the fact that rich people can have the latest iphone while others make do with generic android, or that you wait in line to get a table at your favorite restaurant, we are apparently not OK with hearing that someone doesn't get exactly the health care that they want when they want it because they don't have enough money, or other people with the same problem have booked the doctor's time for weeks.

Once we are honest about who we are willing to deny care to, then we can have a productive conversation about health care. Everyone can say "This is how I think care should be allocated" and we would create a system that allocates resources according to the wishes of the people, as expressed by their elected representatives. But instead we create layer upon layer of employer backed insurance, and government backed insurance, with some private delivery, but some public delivery, so that nobody can understand it. So now people's positions on health care reform are mere reflections of mood affiliation rather than of what they actually want out of the system.

Re:Wow... Just "no".

[jakimfett]

Suggestion: Everyone go report this as a HIPAA violation.

Re: Wow... Just "no".

[dAzED1]

::blink:: wait, what? Something inside me wants to know how you interpret Art1, Sect8, Clause12...just for giggles.

Re: Wow... Just "no".

This is said repeatedly

Because it's Mitt Romney's plan from Massachusetts. Are you disputing this?

not a single Republican voted for it when a bill for it finally was.

Because Congressional Republicans were so obsessed with handing Obama a defeat that they would have voted against Jesus Christ himself as a nominee for a cabinet position in the Obama administration.

Re:Wow... Just "no".

"Nothing was done manage increasing drug costs"

Even better, negotiating drug cost is actually prohibited in the bill. For Medicare/Medicaid at least. You pay what the drug company says you'll pay and you'll like it.

Re:Wow... Just "no".

[dAzED1]

to be fair, this was only really clear starting with Omnibus - prior to that, HIPAA relied a lot on common sense and a personal sense of ethics from the reader. Fortunately, the semi-retroactive nature of it to 2009, plus Omnibus being released 9 months prior to healthcare.gov, means that yes - the government faces stiff penalties of paying itself money (amount=irrelevant, since paying self) and the BAs made $1.7BILLION for making a farking WEBSITE for fark's sake, so I don't think the 1.5M max fine will really cramp their style much.

Re:Wow... Just "no".

[BarbaraHudson]

It's not a question of faith in the government so much as wanting to see some substance instead of if rumor and speculation.

Re:Wow... Just "no".

In what universe does a government website selling personal info to advertisers count as even remotely fucking acceptable?

Selling? Where did anyone (except you) claim they were selling this information? It's leaking out via referrer. Yes, this is unacceptable, but it's not another sign of an evil government you're so quick to believe in.

Re:Wow... Just "no".

The same world that allows the IRS to target people for their political beliefs. Did you stand up then ? Did you write your congressmen ? When they came for the jews.......

Re:Wow... Just "no".

[Holi]

Except Healthcare.gov doesn't actually handle any medical information. It's a website for purchasing a health plan, not for getting actual health care. No medical information no HIPPA violation. Still a really shitty thing, but probably not illegal.

Re:Wow... Just "no".

[queequeg1]

The article states that information shared could include pregnancy status (clearly protected health information) and smoking status (most likely PHI).

Re:Wow... Just "no".

What you say is nonsense. DoubleClick and its partner networks do nothing but. Any analytics of note is related to online promotions.. Even if this was only CoreMetrics or Adobe Anatlyics, it still would be insane to be sending things like income level. And even if they had a valid reason for doing that, it could be done in a non public manor.

Re: Wow... Just "no".

wouldn't that fall afoul of the separation of church and state? and why would He accept the nomination in the first place?

Re:Wow... Just "no".

[JohnFen]

There is zero evidence that this data is being used for advertising purposes - the article makes a lot of speculation. For example:

I disagree. The evidence is that the data is being sent to them. Nothing more needs to be proven. There is no -- as in zero -- legitimate reason for the site to be doing this. All performance analysis they need can be done in-house.

For example, IBM does both - but they also do pretty good data analysis. Would you rather it goes to some 3rd-world country for analysis (because you can be pretty sure it will be sold)?

I honestly don't see any difference between the two scenarios. I have no reason to think that domestic ad companies are any more trustworthy than 3rd world country companies (and I have several reasons to think that they're not). I'm pretty sure it will be sold either way.

Re:Wow... Just "no".

[codewarren]

Bullshit. The fact that the information gets sent at all is prima facie evidence that it's being abused. The burden of proof is on the government to justify it.

Bullshit, the fact that you were arrested by police and prosecuted by the DA is prima facie evidence that you are not innocent. The burden of proof is on you to justify yourself.

You can't change what "evidence" means because it suits your ideological goals.

Re:Wow... Just "no".

[Ksevio]

But just because something is medically related, doesn't mean it's protected by HIPAA. Target knowing a customer is pregnant isn't required to protect that information. For healthcare.gov, this article states it does not need to comply.

Re:Wow... Just "no".

[Ksevio]

http://www.crn.com/news/channe...

Re: Wow... Just "no".

[Curunir_wolf]

::blink:: wait, what? Something inside me wants to know how you interpret Art1, Sect8, Clause12...just for giggles.

To raise and support Armies, but no Appropriation of Money to that Use shall be for a longer Term than two Years;

WTF does that have to do with Obamacare?

Re: Wow... Just "no".

[AK+Marc]

They learned it from the Republicans.

Re:Wow... Just "no".

[AK+Marc]

The information shared is "personal information" not "medical information", though status as a smoker or pregnant could fall under both. HIPAA doesn't apply to the government anyway. And, unless it's changed since the last time I looked, the "p" had been enforced, but never the "a". People have been fined for not releasing information, but never fined for releasing too much to the wrong people. The real point of the law was that doctors would hold prescriptions and diagnoses hostage, demanding extortion fees to release them, of failing to release them to demand followups go through the same doctor. Yes, when fixing that, they added in a little bit on privacy, but the portability was the main point, and the *only* portion that's ever been enforced. The "accountability" portion has never been enforced.

Again, last I looked. They may have finally fined someone for a privacy breach, but I doubt it.

HIPAA was created to empower the patient in choice of doctor and treatment, not increase privacy (privacy is bad, as it leads to abortions). And that's exactly how it's been enforced.

Thankfully, the public is dumb as rocks, and I got paid big bucks to tell doctors "that's not required by HIPAA, but if you don't trust my legal opinion, but trust my technical skills, I'll be happy to do the superfluous work for $250/hr." They were lining up, for a few years. Scared of a law they didn't understand, even when it explicitly says "this should not be construed to mean that encryption is required", which I had highlighted in all my printouts of the law I carried with me. Funny how even the wording of the law can't change a closed mind.

Re:Wow... Just "no".

[mrchaotica]

Your argument fails because it assumes that individuals and government are somehow equivalent. They are not. In fact, quite the opposite: the burden of proof lies always lies with the government precisely because it is a government, and not an individual!

People are always innocent until proven guilty.

Government is always guilty until proven innocent.

Re:Wow... Just "no".

[budgenator]

IANAL but I think that pesky coma between "violation" and "with an annual maximum of $1.5 million" stops the per violation part and start the annual maximum part without regard to the number of violations.

Re:Wow... Just "no".

[The+Fifth+Man]

Check Section 164.514(b)(2)(i) for the identifiers. Remember, IIHI is literally defined as a "subset" of PHI (see Section 160.103). That means disclosing, say, a name alone is a breach of HIPAA in a healthcare context (and shopping for medical insurance is, and it is very much covered by HIPAA).

Data doesn't need to be medical in nature, it needs to be related to healthcare. Your personal data qualifies in this context, I can absolutely assure you.

Re:Wow... Just "no".

[codewarren]

No, my argument is that you cannot change the meaning of evidence. Police may stop you because of evidence, but police stopping you is not evidence.

You are correct that the analogy doesn't run through, but it doesn't need to. It does show that "evidence" has a meaning that the GP tried to subvert to make an ideological point.

If I had argued that the government doesn't need to show you shit, then you'd be right, but I'd never argue that. The government should demonstrate that such action is being prevented.

However, that STILL doesn't mean that this is "evidence of abuse" it is "evidence of sending". If it did mean that, then actual "evidence of abuse" would lose its meaning.

Re:Wow... Just "no".

[The+Fifth+Man]

That may be, but by the very black and white wording of the law itself, the site is acting in a business associate capacity on behalf of health insurance companies.
Despite what is being reported -- "HHS says it isn't covered uhcuz it doesn't wanna be" -- it is, indeed, covered by HIPAA.

I have been quoting section references to you in an earlier reply but it might be better if you read a summary:
http://www.hhs.gov/ocr/privacy...

The problem for the website is that by HHS definitions, it is handling PHI (remember Section. 160.103 here) and is acting in a business associate capacity (this is also, coincidentally, covered at Section 160.103) and is therefore covered by HIPAA, period, over and done.

As for what happens when they pull the "well, we don't feel like it" card at HHS, I have no idea.

Re: Wow... Just "no".

[Locando]

They're talking about the Heritage Foundation's 1989 proposal, later supported by Orrin Hatch in 1993, revised again in 1994.

Also available at less truthy sources in more detail.

Re:Wow... Just "no".

[The+Fifth+Man]

See my earlier comments, but this is most definitely false.

The issue is that HHS boxed themselves in by the way they defined business associates and medical information. This is not a case of "HIPAA only applies to providers like hospitals" (which was the case prior to 2009). Giving even a name to an insurance company after facilitating shopping for medical insurance qualifies the entity or party as a business associate, and that data -- even though it's not "I have a cold" or whatever -- is still legally defined as medical data. (See section 160.103 for more on this.)

HIPAA absolutely, 100% applies. As I point out elsewhere, the issue is what happens when HHS says "well, we wrote it for the little people, not for US."

Re: Wow... Just "no".

[anagama]

Are you referring to Obamacare and suggesting that no Republican ever tried to foist it on the whole country?

http://en.wikipedia.org/wiki/R...
(yes, he was a republican)

http://www.salon.com/2013/10/2...

Nixon never really got anywhere with it though -- he had to resign the office. BUT, republicans have wanted to foist this forced subsidization of the private insurance companies crap on us for decades. Now they got it thanks to our Demoplicans.

Re:Wow... Just "no".

[The+Fifth+Man]

Nearly everything you've stated is false and contradicts the plain wording of the statute. You're actually giving out "legal opinions"?

>The information shared is "personal information" not "medical information"

Please review the elements of IIHI at Section 164.514(b)(2)(i) and that IIHI is a subset of PHI at Section 160.103(1) and (2).

> HIPAA doesn't apply to the government anyway

Then why does IHS have to comply? Why does the NIH bother with it at all when they interface with non-government organizations?

>And, unless it's changed since the last time I looked, the "p" had been enforced, but never the "a"

Portability and not accountability? You haven't even looked at the enforcement actions taken by the OCR, then.

> People have been fined for not releasing information, but never fined for releasing too much to the wrong people.

You literally don't know what you're talking about. I'm honestly terrified for your clients (if you actually have any).

> even when it explicitly says "this should not be construed to mean that encryption is required"

The law doesn't say that, nor anything even remotely close, and you have drastically misunderstood the addressability standard, and furthermore, see Section 164.312, Technical safeguards which will rest assured contradict what you've said.

If you ever really had clients, you did them not only a disservice, you've left yourself open to have your ass sued off (and I'm not even talking about HIPAA at that point, but gross negligence.)

Re: Wow... Just "no".

[radarskiy]

"the previous administration, with a Republican house and senate, never advanced a bill for it"

The Republican plan was older than that. See Health Equity and Access Reform Today Act of 1993 and Consumer Choice Health Security Act of 1994.

Re: Wow... Just "no".

[Coren22]

What is the limiting factor though? Should we build more medical facilities? Maybe offer more public money to fund more doctors? Clean up the medical patent system? Maybe loosen rules on "medical devices"?

Just trying to make the system work with what we have is silly, lets fix the problems instead.

Re:Wow... Just "no".

[queequeg1]

Additionally, doesn't appear that HHS has definitively said it is not covered by HIPAA. The article Ksevio linked to is specific to covered entity liability under HIPAA. It mentions nothing about the potential for healthcare.gov to be a business associate (presumably of the various insurance companies it works with).

There are a couple of ways to be classified as a business associate, the pertinent way in this case being the creation, reception, maintenance, or transmission of PHI on behalf of a covered entity for "a regulated function or activity."

Healthcare.gov is clearly creating and transmitting PHI to insurance companies (which are covered entities). However, HHS has not clarified whether it considers health insurance portals to be performing a regulated âoefunction or activityâ for insurance companies.

Re:Wow... Just "no".

[BarbaraHudson]

I'm very skeptical about any article that makes basic mistakes:

Google, thanks to real name policies, certainly has information uniquely identifying someone using Google services.

Google 's real name policy is dead.

And Facebook also had to back down when a single vigilante used it to harass people.

Re:Wow... Just "no".

[BarbaraHudson]

All performance analysis they need can be done in-house.

Obviously history disagrees with you - they couldn't even keep the site running properly for how long again ??? I'd look at the companies involved at implementing the site taking this as a cheap and easy way to do analytics (and maybe a few back-room deals as well) rather than a policy of the government.

Re: Wow... Just "no".

[ganjadude]

oh, so they are talking about things that happened when I was 4 years old, written by a group that im my eyes is the equivalent of moveon.org for the right.

while I do have to stand corrected, I also find it a little off base to say that republicans 30 years ago did X, therefore republicans today like X. By that logic, the democrats are still KKK members today right? since they invented it right??

Re:Wow... Just "no".

[AK+Marc]

Nearly everything you've stated is false and contradicts the plain wording of the statute.

How many fines have been given out for not releasing information

How many have been given out for releasing too much information to the wrong people?

Those two questions answer the question of what it was for and how it was used.

Re: Wow... Just "no".

[phrackthat]

Not really, most of the ACA was recycled Republican ideas . . .

So, it's a Republican idea if a guy who is a complete leftist and just wears the name "Republican" happens to propose it and it is shot down by the Republican party? (Sen. John Chafee was the leader on the bill - just to show how conservative he was, he also wrote a bill to ban the manufacture or sale of handguns and/or ammunition, and was pro-abortion and pro-homosexual rights back in the 90's when it wasn't trendy, etc. On social issues, Chafee was amongst the most leftist in the Senate - Democrats included.) In 1993, he joined with Democratic Louisiana Senator John Breaux to form the Senate Mainstream Coalition, a coalition of six Democratic and six Republican Senators seeking bipartisan consensus on health reform

The bill Chafee authored was not even brought up for a vote because the rest of the GOP wanted nothing to do with it. The ACA is no more "recycled Republican ideas" than White Nationalism is "recycled Democrat ideas" because of Senator Robert Byrd's prior affiliation with the KKK.

Re: Wow... Just "no".

[halivar]

I dispute that being Mitt Romney's plan makes it conservative.

Re: Wow... Just "no".

[njnnja]

Those are all excellent points that can help us to increase the *supply* of health care (which is something that should be done no matter what is done on the allocation side). But we should not fool ourselves into thinking that we can ever make the amount of health care that could be supplied equal to the amount of health care that we want. For the former will always be finite and the latter will always be infinite (mod singularity).

So even after increasing the supply with the kind of reforms you suggest, we will still have the problem of how do we allocate those resources. And if we continue to use the current Rube Goldberg contraption we will still have problems.

Re: Wow... Just "no".

[PapayaSF]

They're talking about the Heritage Foundation's 1989 proposal, later supported by Orrin Hatch in 1993, revised again in 1994.

The Heritage Foundation proposal did include an individual mandate, but that's like saying your bedroom ceiling is based on the Sistine Chapel because they both are covered in paint. The Heritage proposal was for minimal, catastrophic insurance, what used to be called "major medical." That's the sort of insurance people used to be able to buy for maybe $50/month. But the ACA larded everything up with countless mandates (birth control, etc.), so that even minimal insurance is now expensive. And then, in one of many ironies, deductibles are now so high that many people avoid going to the doctor. Remember when the ACA was needed to ban "junk insurance policies," which were defined as policies with high deductibles? Down the memory hole!

I said years ago, before this monstrosity came online, that it would not work as claimed, and in fact might never work. I believe that prediction still holds. They've stopped talking about the problems with the backend, but AFAIK they have not yet fixed them, and are still doing things manually or with estimates. It will also be interesting this tax season, when millions of people find that their tax bill is higher than they thought it would be, thanks to the ACA.

Re: Wow... Just "no".

Oh, you must be familiar with the many Republicans who DO continue to make that argument, yes.

But actually, yes, Republicans also did repeat the ideas from the ACA...until Obama said fine, let's do it, then they couldn't run fast enough away from being bipartisan on it.

Re: Wow... Just "no".

Actually, that birth control mandate? Is a cost reducer that the insurance companies wanted. See having a baby? Expensive even when it works out right.

When it doesn't? Big time expenses.

So reducing when people have babies? Net gain for health care costs. Now we can't go on and say you must be licensed to reproduce, that would go way too far. But options can be provided to encourage people to choose when they have children a bit more deliberately.

But feel free to act like that mandate isn't about reducing costs. The insurance companies sure want to keep it hush-hush. They'd much rather people think it's a license to slut yourself out.

Re:Wow... Just "no".

Sending this information is an abuse in and of itself.

Re:Wow... Just "no".

Sorry, there seems to be two different concepts here, and I think they're getting mixed up and considered as one.

The government sending the information to private advertising companies is evidence of abuse on the part of the government. There is no evidence of abuse on the part of the advertising companies who received that information.

So you're partly right when you say there isn't evidence that the information was abused, on the part of the recipient. The sender, however, should never have fucking sent it to begin with, which is most certainly evidence of abuse.

Re:Wow... Just "no".

[ToddInSF]

"There essentially no controls on the medical tort industry in it."

Fuck you. No, really, fuck you and everybody like you that seeks to thwart the ability of patients to sue incompetent medical people that prey on everybody.

You piece of shit.

Re:Wow... Just "no".

[JohnFen]

I saying that it is technically feasible for a competent engineer. I'm not commenting on the contractor's ability to do it.

The ultimate blame falls on governmental policy, not the contractors, though. It is the government who decides what the acceptance criteria are, not the people the government hires. It is the government who approves or disallows the use of third party services, not the people the government hires.

Re: Wow... Just "no".

[dAzED1]

when you say something fanatical like "no republicans have ever tried to push a bill like that on the entire country" you put yourself in a group that hates helping sick people and also tends to think it's great to blow up people elsewhere (like, suffering is just great all around, I guess). You then try to use the Constitution to justify your statements - but don't really understand what is in the document at all. Such as, the Constitution directly stating there shouldn't be a standing army. The two subjects are remarkably intertwined; ACA costs a small fraction of the wars in the middle east, and at least ACA provides a /benefit/. But hey, maybe you buck the system. Maybe you don't like our middle east involvement either - maybe you're an honest "constitutionalist." Which would be great, except for the farking part that the FFs were slave owners and treated women like crap. Stop pretending one side or the other are angels without flaws, and stop pretending the Constitution was sent by G-d. Argue something on it's own merits, not based on what some long-dead slave owner thought.

Re: Wow... Just "no".

[Curunir_wolf]

Well, first, you're responding to the wrong person. I assumed you were trying to say something insightful about the law. Unfortunately it's just more of the same partisan drivel.

I get there are many people happy about the ACA, and they like justifying all the bad things that have been done in the past six years with deflection about how it "Not as bad as the Iraq war", etc. Hard to argue with that, which I guess is why it's used, but of course the ACA is bad law, for many reasons, but most compelling is that the costs are far greater than the benefits. But that's what happens when the "leaders" have clearly stopped representing the people, and the only goal is power, through whatever means possible.

You can dismiss the Constitution by looking at the founders through the lens of modern culture if you like, but frankly considering the way countries were run in the rest of the world at the time, it was a vast improvement. And it's still law. If somethings wrong with it, there are provisions for changing it. But frankly the biggest problem is that Congress puts a lot of effort into getting around it, not following it. ACA and bi-annual NDAA are no different in that regard.

Not surprised

Considering the site was thrown together by a bunch of people with no real-world experience of the language they were programming in they probably didn't understand what all they were copying and pasting into the website code.

I got bad news for you.

All your banks and credit unions do it.

ALL insurance companies do it.

Every financial services company - like the one that has your 401K and IRA - does it.

You doctor and dentist does it.

The IRS does it.

Everyone does it. They share your data

And you expect a law written by insurance company lobbyists not too?

I am not surprised by this at all.

OH! And MANY times it's offshored to Third World countries.

Have a nice day.

I do not care about the ads

[houghi]

If they show me ads about smoking, condoms, beer or PCs is completely irrelevant.

What is relevant is that the governement is selling your data. Even if the other company would trow everything in /dev/null they should NOT do that. I do not even care if it is legal or not.

I care about the fact that they share your data.

Meta data

Looks like meta data to me and the Supreme Court ruled that Meta Data is not personal information.

Right? Meta Data,
your Cell #, location , age, sex, There's no personal information in that.

Now go and vote for the person who put the Patriot Act and/or decided that Meta Data was not personal info or did not infringe on your personal liberties again morons.

Federal Health IT Strategic Plan 2015-2020

"New federal health IT strategic plan sets stage for better sharing through interoperability,"
http://www.hhs.gov/news/press/2014pres/12/20141208a.html

http://www.healthit.gov/sites/default/files/federal-healthIT-strategic-plan-2014.pdf

ACA = 1984 Realized

[BoRegardless]

The US government has become the overlord of all.

Re:ACA = 1984 Realized

The US government has become the overlord of all.

Here's a little secret: it didn't start with the ACA.

Re:!OUTRAGE!

...Obama is literally Hitler.

No, Hitler had a plan. It was not a good plan, but he had, at least, an idea of what he wanted to do.

As for Obama? A deaf bat has a better sense of direction.

European privacy laws.

No, we need European stye privacy laws in the US.

Re:European privacy laws.

[simplypeachy]

These don't work. Many UK government web sites use Google Analytics et al.

Wow... Just

If you think this is bad you don't want to know what most states do, your drivers license information, home blueprints, property tax information, etc is all sold to private entities. Thats not to say that the agencies in question necessarily have any real say in it, FOIA in most cases forces disclosure (or so we're told). That said however the fact that government HAS the information itself should be unacceptable to a free society. In most cases you can choose to not to do business with company that you don't want to have your information, but government often FORCES you to provide that information often under penalty of crime if you don't/lie.

If you like your privacy,you can keep your privacy

But, but but Obama promised confidentiality ... Now it seems like many of his other promises.

Wait, what PII?

[Enry]

The example that the EFF gave listed general information about a person, but there's nothing that would directly identify the person. No SSN, no address, no name.

Yes, doubleclick and others could use that with other information they already have and determine with some probability who the person is. But that's a separate discussion on expanding what PII is or limiting what kind of data can be stored about a person, either of which I'd be in favor of.

Re:Wait, what PII?

You clearly don't understand how cookies, especially ones created long before you visited healthcare.gov, work.

If you think Google can't correlate that http request to you, you are sadly mistaken.

Re:Wait, what PII?

[JohnFen]

It sounds like you're using the ad industry's definition of "PII". That definition is ludicrous. The bulk of information that can be used to identify me personally falls outside of the standard definition of "PII", and so the term "PII" is pretty much devoid of meaning.

Re:Wait, what PII?

[Enry]

Yes and no. In a practical sense you're right and I said as much in the second paragraph. As for the legal definition of PII:

NIST Special Publication 800-122 defines PII as "any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information."

Part 2 is pretty much met given the data that's being sent to doubleclick. But Part 1 isn't being met. This is an AND statement, so for this to be PII, both parts have to be true.

Re:Wait, what PII?

[JohnFen]

Yes, I understand. I'm just saying that definition of PII is a worthless definition, so it doesn't matter at all. When a company says things like they don't store or share any PII, they're saying nothing that is of any actual value to me. because the definition of PII is too narrow to be meaningful in a privacy or security sense.

Re:!OUTRAGE!

Id argue he had a pretty good plan, bad execution (pun intended) but the end goal was not that bad. as for obama, he also has a plan, that plan is to turn us into a 3rd world country

Go to the website and file incorrectly

[retroworks]

I haven't completed it, but maybe I should just to pollute the database. Is that a crime? I could say I'm tall, healthy, young Asian Latino woman? That would probably go too far, but at least this is data I can control better than the data the credit card companies dole out on my purchases. People are always thinking "invisibility" when nature prefers "camouflage".

That's anoying

For a typical commercial web site with an ugly terms of use, one can choose not to go there.

In this case you don't have that choice.
    For some, this site is required for healthcare.

The excuse that it was to 'improve the user's experience' is pretty lame.
What the site needs to do to provide a good user experience is work.
Historically, that may have been a high bar for govt workers.
    But this is not an excuse to make things worse.

Canadian government hosts its own piwik analytics

At least one government agency website says that they make use of analytics, but they host the analytics program and data themselves:
http://www.tpsgc-pwgsc.gc.ca/comm/ai-in-eng.html

Privacy?

[MagickalMyst]

This is the 21st century.

So could you generate millions of

[Registered+Coward+v2]

Random referral requests and thus pollute the collected data?

Government web sites shouldn't do this at all

[davidwr]

I can't think of any legitimate reason for any government agency that is providing services to the public to accept outside advertising.

If they must accept outside advertising for whatever reason, the traffic should be one-way and "blind" to the advertiser.

This means the federal government web site will need to host the ads and if they provide analytic data at all, only provide summary data, such as the number of hits in a given day or hour rounded off to a level designed to prevent teasing out additional information and if the numbers are large enough so privacy isn't an issue, the number of hits believed to come from particular states or metropolitan areas.

If you like your privacy,you can keep your privacy

Nothing to see here CITIZEN, your "confidentiality" has been preserved by redefining the word. Much as the word "collection" was redefined so that data acquired by the government isn't "collected" as long as the data isn't looked at directly by human eyes (see Executive Order 12333).

HITECH Act, not HIPAA

"only "covered entities" have to comply with HIPAA privacy regulations and, guess what? The government is not a covered entity."

Hi, HIPAA guy here. This is most assuredly incorrect. Popular misconception though.

Per HHS' own rules, the site operates as a Business Associate and is fully covered by HIPAA.

http://www.hhs.gov/ocr/privacy...

OP was technically correct-- "business associates" were not in scope for HIPAA. Later the Health Information Technology for Economic and Clinical Health (HITECH) Act applied HIPAA protections to "business associates" of covered entities.

Slashdot folks better know the HITECH act as the one that threw money into switching to "electronic" health records.

Re: HITECH Act, not HIPAA

[The+Fifth+Man]

Changed in 2009 with compliance date of Sept 2014, to be even more technically correct. Bottom line, though, HIPAA applies. We seem to agree on that important point. I feel like filing a complaint with HHS about HHS.

Wrong, see 45 CFR 164.514

If the info in TFS is true then the info sent was not anonymous, it is Protected Health Info per the explicit definition in 45 CFR 164.514.
Two examples: birth date, except for year, is PHI and ZIP code, except for the initial three digits, is PHI.

But you are correct that the only penalties for HIPAA or HITECH violations are financial penalties ... and the federal government is unlikely to fine it's own agencies.

healthcare.gov is run by private companies

[Revek]

They couldn't identify me, so experian sent me a credit application to fill out. Its really pathetic that they can't use information the government already has. Instead they rely on some private company who only cares about the bottom line. Its our governments perverse need to reduce public systems in favor of inefficient and incompetent private models. They get paid even when they do a bad job. So what you really have here is some private company using data it gathered. I would bet it was in their contract and its not even shady, its just another government sell out of its people.

Big Brother & Max Headroom all in one.

[pak9rabid]

The ad-blocks, they do nothing!

How is this not a HIPPA violation?

[dbc]

Serious question. HIPPA is very strict. Or so I'm given to understand, not having done a deep dive into the details. How can they do this without violating HIPPA?

Re:How is this not a HIPPA violation?

[dAzED1]

they can't, but the fine has a max penalty per year, and that max would just be the fed paying itself a number at which it wouldn't blink even if it wasn't paying itself. Just because something is illegal, doesn't mean it won't happen - if the only penalty for underage drinking was you had to have sex with Scarlet Johansen, do you think that would work as much of a deterrent? We don't live in a world where society can decide it doesn't accept a certain behavior, and then just expect everyone to not do it regardless what the penalty might be

Re:How is this not a HIPPA violation?

[JohnFen]

IANAL, but I am generally familiar with HIPPA. This is probably not a HIPPA violation because the HIPPA rules only apply to specific sorts of businesses, and the healthcare.gov site is not one of them. For instance, I could share any medical details I had on you as much as I want without violating HIPPA laws.

Don't fear, all the tracking is SSL!

[simplypeachy]

Visiting just the healthcare.gov web site via Firefox generates the following URL requests: http://pastebin.com/0UUbmRCf

At least all those advert and tracker sites - including those that have been helping pay for malware for over a decade - are using SSL!

Re:If you like your privacy,you can keep your priv

If you like privacy, you are racist.

Why does the govt need ad money?

[citadrianne]

Or is this something that should be encouraged to offset the enormous cost of the project?

Re:Custom hosts files stop this tracking

I use a browser plugin called Ghostery to block trackers and widgets

Orwellian

[TwoEyedJack]

The name of the Patient Protection and Affordable Care Act becomes more Orwellian by the day.

You didn't need to be a drooling fox zombie......

There is really no place here for the sophomoric name calling.

Re:Custom hosts files stop this tracking

Ghostery's advertiser owned (evidon): A fox guards your henhouse http://en.wikipedia.org/wiki/G...

Re:You didn't need to be a drooling fox zombie....

[Curunir_wolf]

There is really no place here for the sophomoric name calling.

You must be new here...

If you like your private data...

...you can keep your private data. LOL JK

PHI /= PII

NIST's definition of PII is 100% irrelevant to a discussion of handling Protected Health Information (PHI).

HIPPA laws violated

This CLEARLY violates HIPPA laws. This is ONLY supposed to be released to other HEALTHCARE providers not ad providers. HUGE distinction. HIPPA clearly states that authorizations have very specific stipulations and purposes.

Good points. Also, sometimes shit happens. 2008

[raymorris]

> If there is a structural problem with those businesses, or their product is no longer needed (like buggy whips), I can understand letting them go under. For everything else, it is almost always who is running the business, as opposed to the business itself, which is the problem.

Good points. Also, sometimes an unusual external event is a significant factor. You build homes to withstand thunderstorms, not to withstand a record-breaking monsoon. Similarly, you build a business to withstand the threats you expect it to face, plus a bit of safety margin.

Not that I liked TARP - it was bad enough as the law was written (ie the government trading cash for non-voting stock), even worse as Obama warped it ("exercise our [the adminisitrations's] ownership and management responsibilities of these companies"). However, it was a shitty situation, with no good options. TARP might have been less bad than the other choices available.

Why are there ads?

[crbowman]

"The information involved is typical ad-related analytic data?" Are there ads on the government run healthcare signup site? Why are there ads?

Re:!OUTRAGE!

So he is really Benny "the Moose" Musellini ?

Login page scripts

[LucasBC]

The login page at: https://www.healthcare.gov/mar... includes at least 8 third-party scripts, any of which could potentially harvest your username and password: https://stats.g.doubleclick.ne... https://www.googletagmanager.c... https://cdn.mxpnl.com/libs/mix... https://static.chartbeat.com/j... https://connect.facebook.net/e... https://platform.twitter.com/o... https://c1.rfihub.net/js/bcP.j... https://www.googleadservices.c...

But what you seem blind to is that...

While big business and big government are BOTH bad (both will tend toward squashing "the little guy" and put too much power into the hands of too few who are too tempted to abuse it) there is a singular vital difference that makes big government just a smidgen worse: Government writes and enforces LAWS. If you are an individual who has been wronged by business, you have some chance to appeal to government (either via the legislature or the courts) to get some help... it may not work, but you have a chance. If you are an individual harmed by government, you have nowhere to go for relief except to that very same government (and most governments pass laws exempting themselves from most claims).

Back when Obamacare was passed in congress, some of us warned it was a crap sandwich, but Nancy ("we have to pass this bill to see what's in it") Pelosi and friends won the day.. and, sure enough, Obamacare exempts the government and the website from HIPAA regulations (government has long demanded doctors and hospitals protect your data, but they passed a law allowing government to be completely reckless with your data).

Government itself violating HIPAA

Don't know what the law says about such a violation...

but medicare

The government already covers the most expensive population segment, 60 and over, who pays nothing. This pool is guaranteed to have high medical costs, and the corresponding premiums if you extrapolate insurance charts (which stop at 60) would be 1000-2000 a month and up.

So if that can be covered, why can't the rest of the population be covered, who already pays into the system for both and has much lower risk ? It does not look like such a burden actually. We cover all the uninsured and uninsurable. Covering the healthy population should be a walk in the park. It's so profitable that insurance companies have grown to what they are today based on it.

Hosts files stop these trackers

Per my subject-line - Add these entries to your hosts file to block the trackers involved:

0.0.0.0 4037109.fls.doubleclick.net
0.0.0.0 fls.doubleclick.net
0.0.0.0 doubleclick.net
0.0.0.0 akamai.net
0.0.0.0 chartbeat.net
0.0.0.0 clicktale.net
0.0.0.0 mathtag.com
0.0.0.0 mixpanel.com
0.0.0.0 nrd-data.net
0.0.0.0 optimizely.com
0.0.0.0 reson8.com
0.0.0.0 rfihub.com

0.0.0.0 google.com
0.0.0.0 yahoo.com
0.0.0.0 youtube.com
0.0.0.0 twitter.com

* The last 4 I personally would *NOT* add IF you use them extensively (pretty major sites/largely used & all that... especially the 1st 3 imo!) & if you don't? No big deal, block them...

APK

P.S.=> To create the BEST possible & most efficient custom hosts file there is? There IS this (by yours truly):

APK Hosts File Engine 9.0++ SR-1 32/64-Bit:

http://start64.com/index.php?o...

It gives you more speed, security, reliability, & even anonymity (to a lesser extent on the latter) than *ANY* single solution out there, bar-none, for less resources consumed using something you already have natively vs. "bolting on more" to do the same (heck, competitors in browser addons do less, by far): Details of what it does for you are in the link above...

Enjoy: It's 100% free, & the BEST in the security antimalware & antispyware business currently, http://www.av-test.org/en/news... per that VERY recent test's results, also host & RECOMMEND my program for hosts -> http://hosts-file.net/?s=Downl... ... apk