Slashdot Mirror

← Back to Stories (view on slashdot.org)

Healthcare.gov Sends Personal Data To Over a Dozen Tracking Websites

Posted by Soulskill on from the a-bit-too-standard dept.

An anonymous reader tips an Associated Press report saying that Healthcare.gov is sending users' personal data to private companies. The information involved is typical ad-related analytic data: "...it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer's Internet address, which can identify a person's name or address when combined with other information collected by sophisticated online marketing or advertising firms." The Electronic Frontier Foundation confirmed the report, saying that data is being sent from Healthcare.gov to at least 14 third-party domains.

The EFF says, "Sending such personal information raises significant privacy concerns. A company like Doubleclick, for example, could match up the personal data provided by healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are. It could do all this based on a tracking cookie that it sets which would be the same across any site you visit. Based on this data, Doubleclick could start showing you smoking ads or infer your risk of cancer based on where you live, how old you are and your status as a smoker. Doubleclick might start to show you ads related to pregnancy, which could have embarrassing and potentially dangerous consequences such as when Target notified a woman's family that she was pregnant before she even told them. "

37 of 204 comments (clear)

  1. Who expected differently? by Anonymous Coward · · Score: 2, Insightful

    You didn't need to be a drooling FoxNews zombie to see that Healthcare.gov was a bad idea.

    1. Re:Who expected differently? by jandersen · · Score: 4, Interesting

      You didn't need to be a drooling FoxNews zombie to see that Healthcare.gov was a bad idea.

      But the reason it is a bad idea is not that all government does is bad - rather this illustrates why things like this should be managed by a body that is guaranteed to not be in bed with business and is stricly regulated. Whether or not this can be called corruption in the legal sense, it certainly is morally corrupt.

    2. Re:Who expected differently? by Anonymous Coward · · Score: 2, Interesting

      There is no such thing as "a body that is guaranteed to not be in bed with business."

      Also, "strictly regulated" often just means "whitewashed by some taxpayer-funded agency with no teeth."

      Rather than "strictly regulated" we need "transparent and publicly accountable" in order to resist corruption.

    3. Re:Who expected differently? by Tailhook · · Score: 5, Informative

      Because Dems don't look to their angry leftist commentators to be told how to think?

      Sharpton's regular broadcast just started as I read your bullshit. I listen to his hate mongering on WVON out of Chicago. You have no idea what you're talking about.

      The callers are the best part. They've all been filled with hate from birth and many of them want violence.

      --
      Maw! Fire up the karma burner!
    4. Re:Who expected differently? by Archangel+Michael · · Score: 2

      Tell me, when is Government not in bed with business? Crony Capitalism is no better than a corrupt Bureaucracy that targets citizens, instead of serving them.

      Government isn't the solution to problems, it is largely responsible for them. Here is the process.

      People complain about problem, government "Fixes" the problem, but generates three new problems. Repeat.

      And fixing the problems government creates is as simple as raising taxes and giving the money away to voters. All those programs and shit that we spend inordinate amounts of money on, are not solving the problems they were created for. War on Poverty/Great Society hasn't stopped poverty, and from the looks of it (where I am) it is actually worse now than I have ever seen since Jimmy Carter.

      But you all keep believing government is going to solve the problems it created, but I think that is pure insanity.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  2. Why? by Anonymous Coward · · Score: 5, Insightful

    The only purpose it serves is to completely erase all trust. Who gets fired?

    1. Re:Why? by jakimfett · · Score: 4, Interesting

      Suggestion: Everyone go report this as a HIPAA violation.

      --
      Bits of code, random ramblings: jakimfett.com
  3. Wow... Just "no". by pla · · Score: 5, Insightful

    In what universe does a government website selling personal info to advertisers count as even remotely fucking acceptable???

    This doesn't "raise significant privacy concerns", it sends a great big middle finger to the American public from its own elected officials. I don't care about the "potential" for misuse - I care that someone even considered the possibility of using healthcare.gov to siphon off PII.

    Uncle Sam needs to retire.

    1. Re:Wow... Just "no". by gstoddart · · Score: 5, Insightful

      In what universe does a government website selling personal info to advertisers count as even remotely fucking acceptable???

      One in which some asshole has decided it needs to run for a profit, or on a cost recovery basis ... and with zero regard for patient confidentiality.

      I agree with you, and any sane country with privacy laws would be appalled -- and you'd expect this to violate some HIPAA laws.

      Essentially this demonstrates the problems with analytics -- is some asshole you don't have anything to do with gets to know everything you do and everything about you.

      That's utterly insane, and if it isn't, it should be illegal.

      But somehow it seems that ensuring the profits of corporations is more important than privacy and the act of restricting what corporations do is unthinkable to some.

      --
      Lost at C:>. Found at C.
    2. Re:Wow... Just "no". by DarkOx · · Score: 5, Insightful

      Why are you surprised the entire 'Affordable' care is really just a pile of giveaways to certain monied interests.

      I mean come on the left the private insurance industry in place, while all but forcing the public to buy their product. The left them with the ability to set rates. The only real encouragement for them not gouge, is fear of political back lash AND essentially a government grantee that if they do somehow lose money they will be make whole.

      There essentially no controls on the medical tort industry in it.
      Nothing was done manage increasing drug costs
      The medial device tax, the like one thing that industry might not like, is suspended.
      Piles of money were spent hiring the incompetent to build the exchange.

      The entire thing is theft all the way up and down.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    3. Re:Wow... Just "no". by jellomizer · · Score: 3, Interesting

      Give me a H
      Give me an I
      Give me a P
      Give me an A
      Give me an A

      What does that spell HIPAA
      What does that mean! The government should fine itself!

      I think if the government needs to fine itself, they should refund the money back to the tax payers for services failed to render.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    4. Re: Wow... Just "no". by gstoddart · · Score: 5, Insightful

      In this case, that asshole is a Democrat.

      You're absolutely correct:

      The Obama administration says HealthCare.gov's connections to data firms were intended to help improve the consumer experience. Officials said outside firms are barred from using the data to further their own business interests.

      Just fucking wow.

      The stupidity inherent in this choice is beyond belief.

      --
      Lost at C:>. Found at C.
    5. Re:Wow... Just "no". by BarbaraHudson · · Score: 4, Insightful

      In what universe does a government website selling personal info to advertisers count as even remotely fucking acceptable??? This doesn't "raise significant privacy concerns", it sends a great big middle finger to the American public from its own elected officials. I don't care about the "potential" for misuse - I care that someone even considered the possibility of using healthcare.gov to siphon off PII. Uncle Sam needs to retire.

      There is zero evidence that this data is being used for advertising purposes - the article makes a lot of speculation. For example:

      to private companies that specialize in advertising and analyzing Internet data for performance and marketing,

      For example, IBM does both - but they also do pretty good data analysis. Would you rather it goes to some 3rd-world country for analysis (because you can be pretty sure it will be sold)?

      Now, I'm not saying there's nothing to see here - but is it just fog that will dissipate in the morning sun or smoke that indicates a fire? Can't tell from the article, because it's almost al speculation and what-ifs.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    6. Re:Wow... Just "no". by XxtraLarGe · · Score: 2

      I think if the government needs to fine itself, they should refund the money back to the tax payers for services failed to render.

      Laws are for other people. When the government does it, it's different. If you think this is bad, just wait until they nationalize the internet under the guise of "net neutrality".

      --
      Taking guns away from the 99% gives the 1% 100% of the power.
    7. Re:Wow... Just "no". by Actually,+I+do+RTFA · · Score: 2

      In what universe does a government website selling personal info to advertisers count as even remotely fucking acceptable???

      Probably the universe where a bunch of assholes insist that the federal government not use in-house personnel to build this website, and instead outsource it to the lowest bidder... who is lowest because they valued and counted on this additional revenue stream?

      Uncle Sam needs to retire.

      Uncle Sam needs to get his ass off the bench, and stop outsourcing all it's functionality to private companies who do this shit.

      Now, the government was complicit in allowing this. But I think that if it weren't outsourced to a company attempting to monetize everything, no one would think of this.

      --
      Your ad here. Ask me how!
    8. Re:Wow... Just "no". by Sir_Substance · · Score: 2

      I actually see this not as the fault of elected officials, but the fault of software developers.

      There is something pretty profoundly wrong with our industry. Someone coded this monstrosity. Someone coded prism. Someone coded a backdoor into every linksys router. Apparently, those someones thought their actions were ok enough to not refuse the job, or they feared that if they didn't do it, they'd be fired and someone else would do it anyway.

      We need to take a group stand against unethical software development.

    9. Re:Wow... Just "no". by budgenator · · Score: 3, Insightful

      They sent the info to 14 different companies,
      HIPAA violation is due to willful neglect and is not corrected, Minimum Penalty, $50,000 per violation, with an annual maximum of $1.5 million; Maximum Penalty, $50,000 per violation, with an annual maximum of $1.5 million;
      is a $1.5M fine going to phase either the USG or that rogue's gallery of internet advertiser's? We probably spend more than $22.5M on brake pads for fighter jets each year.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    10. Re:Wow... Just "no". by mrchaotica · · Score: 2, Insightful

      There is zero evidence that this data is being used for advertising purposes - the article makes a lot of speculation.

      Bullshit. The fact that the information gets sent at all is prima facie evidence that it's being abused. The burden of proof is on the government to justify it.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    11. Re: Wow... Just "no". by halivar · · Score: 4, Insightful

      Not really, most of the ACA was recycled Republican ideas, complete with bending over for the insurance companies and using private contractors to build the web site.

      This is said repeatedly, and yet the previous administration, with a Republican house and senate, never advanced a bill for it, and not a single Republican voted for it when a bill for it finally was.

    12. Re: Wow... Just "no". by ganjadude · · Score: 5, Insightful

      Not really, most of the ACA was recycled Republican ideas,

      People keep saying this, but its simply not true, unless you try and say that what a republican said was ok for the state to do is also ok for the fed to do, which is exactly the opposite of the truth. to some people, the 10th amendment still matters

      --
      have you seen my sig? there are many others like it but none that are the same
    13. Re:Wow... Just "no". by ganjadude · · Score: 2

      per violation. 1.5 million bucks times however many people are signed up through the website.

      --
      have you seen my sig? there are many others like it but none that are the same
    14. Re:Wow... Just "no". by ganjadude · · Score: 2

      frankly it doesnt matter WHAT they do with the data, HIPPA says they cant share any of it

      --
      have you seen my sig? there are many others like it but none that are the same
    15. Re:Wow... Just "no". by The+Fifth+Man · · Score: 3, Informative

      "only "covered entities" have to comply with HIPAA privacy regulations and, guess what? The government is not a covered entity."

      Hi, HIPAA guy here. This is most assuredly incorrect. Popular misconception though.

      Per HHS' own rules, the site operates as a Business Associate and is fully covered by HIPAA.

      http://www.hhs.gov/ocr/privacy...

    16. Re: Wow... Just "no". by ganjadude · · Score: 2

      no republicans have ever tried to push a bill like that on the entire country. 10th amendment

      --
      have you seen my sig? there are many others like it but none that are the same
    17. Re: Wow... Just "no". by Anonymous Coward · · Score: 2

      Page one of the Democrat playbook: Blame the Republicans, no matter what!!!!

    18. Re: Wow... Just "no". by njnnja · · Score: 3, Insightful

      I don't think the U.S. can afford all the health care Americans want

      All discussions of the health care system needs to start and end with agreement on this quote, if nothing else. Of course we can't afford all the health care that we want; we also can't afford all of the iPhones that we want, or education, or anything, really. Economics is the study of how we allocate finite resources to try to satisfy infinite wants, and nowhere is that more stark than with health care.

      Whether the method for allocating those finite resources is a price system, a queueing system, a random drawing, or otherwise, there are always trade-offs. The problem with health care is that nobody wants to acknowledge that some trade-off will be required. If you only use prices, then the poor won't get as much care as the rich. If you only use queues, then everybody will suffer with ailments during the wait. So we have this phenomenally complex system that tries to pretend that there are no limits to our medical resources, because while we are generally OK with the fact that rich people can have the latest iphone while others make do with generic android, or that you wait in line to get a table at your favorite restaurant, we are apparently not OK with hearing that someone doesn't get exactly the health care that they want when they want it because they don't have enough money, or other people with the same problem have booked the doctor's time for weeks.

      Once we are honest about who we are willing to deny care to, then we can have a productive conversation about health care. Everyone can say "This is how I think care should be allocated" and we would create a system that allocates resources according to the wishes of the people, as expressed by their elected representatives. But instead we create layer upon layer of employer backed insurance, and government backed insurance, with some private delivery, but some public delivery, so that nobody can understand it. So now people's positions on health care reform are mere reflections of mood affiliation rather than of what they actually want out of the system.

    19. Re: Wow... Just "no". by Curunir_wolf · · Score: 2

      ::blink:: wait, what? Something inside me wants to know how you interpret Art1, Sect8, Clause12...just for giggles.

      To raise and support Armies, but no Appropriation of Money to that Use shall be for a longer Term than two Years;

      WTF does that have to do with Obamacare?

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    20. Re: Wow... Just "no". by anagama · · Score: 2

      Are you referring to Obamacare and suggesting that no Republican ever tried to foist it on the whole country?

      http://en.wikipedia.org/wiki/R...
      (yes, he was a republican)

      http://www.salon.com/2013/10/2...

      Nixon never really got anywhere with it though -- he had to resign the office. BUT, republicans have wanted to foist this forced subsidization of the private insurance companies crap on us for decades. Now they got it thanks to our Demoplicans.

      --
      What changed under Obama? Nothing Good
    21. Re:Wow... Just "no". by The+Fifth+Man · · Score: 2

      Nearly everything you've stated is false and contradicts the plain wording of the statute. You're actually giving out "legal opinions"?

      >The information shared is "personal information" not "medical information"

      Please review the elements of IIHI at Section 164.514(b)(2)(i) and that IIHI is a subset of PHI at Section 160.103(1) and (2).

      > HIPAA doesn't apply to the government anyway

      Then why does IHS have to comply? Why does the NIH bother with it at all when they interface with non-government organizations?

      >And, unless it's changed since the last time I looked, the "p" had been enforced, but never the "a"

      Portability and not accountability? You haven't even looked at the enforcement actions taken by the OCR, then.

      > People have been fined for not releasing information, but never fined for releasing too much to the wrong people.

      You literally don't know what you're talking about. I'm honestly terrified for your clients (if you actually have any).

      > even when it explicitly says "this should not be construed to mean that encryption is required"

      The law doesn't say that, nor anything even remotely close, and you have drastically misunderstood the addressability standard, and furthermore, see Section 164.312, Technical safeguards which will rest assured contradict what you've said.

      If you ever really had clients, you did them not only a disservice, you've left yourself open to have your ass sued off (and I'm not even talking about HIPAA at that point, but gross negligence.)

  4. I do not care about the ads by houghi · · Score: 4, Insightful

    If they show me ads about smoking, condoms, beer or PCs is completely irrelevant.

    What is relevant is that the governement is selling your data. Even if the other company would trow everything in /dev/null they should NOT do that. I do not even care if it is legal or not.

    I care about the fact that they share your data.

    --
    Don't fight for your country, if your country does not fight for you.
  5. Wait, what PII? by Enry · · Score: 2

    The example that the EFF gave listed general information about a person, but there's nothing that would directly identify the person. No SSN, no address, no name.

    Yes, doubleclick and others could use that with other information they already have and determine with some probability who the person is. But that's a separate discussion on expanding what PII is or limiting what kind of data can be stored about a person, either of which I'd be in favor of.

  6. healthcare.gov is run by private companies by Revek · · Score: 2

    They couldn't identify me, so experian sent me a credit application to fill out. Its really pathetic that they can't use information the government already has. Instead they rely on some private company who only cares about the bottom line. Its our governments perverse need to reduce public systems in favor of inefficient and incompetent private models. They get paid even when they do a bad job. So what you really have here is some private company using data it gathered. I would bet it was in their contract and its not even shady, its just another government sell out of its people.

  7. Big Brother & Max Headroom all in one. by pak9rabid · · Score: 2

    The ad-blocks, they do nothing!

  8. Re:You didn't need to be a drooling fox zombie.... by Curunir_wolf · · Score: 2

    There is really no place here for the sophomoric name calling.

    You must be new here...

    --
    "Somebody has to do something. It's just incredibly pathetic it has to be us."
    --- Jerry Garcia
  9. Re:Can anyone think of by tnk1 · · Score: 2

    I think we need to break this down.

    Having a business go under is an incredibly shitty thing. You do want to avoid that, if you can.

    The problem is not that these businesses still exist, it's that the people who ran those businesses had no negative impact for running those businesses _badly_. Therefore, bad management and short term thinking is rewarded.

    If there is a structural problem with those businesses, or their product is no longer needed (like buggy whips), I can understand letting them go under. For everything else, it is almost always who is running the business, as opposed to the business itself, which is the problem.

  10. Re:Can anyone think of by anagama · · Score: 2

    I don't know why people keep calling it Obamacare, it's Nixoncare. http://www.salon.com/2013/10/2...

    Today's democrats make Nixon look like a pot smoking hippie -- they've managed to engage in more war than he did, more massive surveillance than he did, and give away more money to private corporate interests than even GWB managed to do.

    --
    What changed under Obama? Nothing Good
  11. Login page scripts by LucasBC · · Score: 2

    The login page at: https://www.healthcare.gov/mar... includes at least 8 third-party scripts, any of which could potentially harvest your username and password: https://stats.g.doubleclick.ne... https://www.googletagmanager.c... https://cdn.mxpnl.com/libs/mix... https://static.chartbeat.com/j... https://connect.facebook.net/e... https://platform.twitter.com/o... https://c1.rfihub.net/js/bcP.j... https://www.googleadservices.c...