Companies including Google, Twitter, Yahoo and Advertising.com automatically obtain information from people visiting HealthCare.gov, according to analysis by congressional staffers.
The finding builds on news last week that dozens of data-tracking companies were able to obtain information about people visiting the federal healthcare website, potentially including information about their age, location and pregnancy status.
{mosads}After The Associated Press revealed details about that sharing of data on Jan. 20, staffers performed analysis of their own, which only increased concern from leading congressional Republicans.
Along with other reports, the new findings “further underscore why HealthCare.gov implementation failures cannot be simply overlooked,” GOP heads of a combined eight House and Senate committees and subcommittees wrote to Health and Human Services Secretary Sylvia Mathews Burwell on Friday, “because they have real consequences for American consumers who visit HealthCare.gov.”
According to the staff analysis, the information about visitors to HealthCare.gov is in some cases not transferred to outside companies until “long after” their visit, due to the site’s use of cookies that can stay in a visitor’s browser for years.
The AP report caused a stir among Republicans and data security advocates when it was released last week. For many critics of the ObamaCare website, it seemed to confirm many of their biggest fears about the vulnerability of people’s information when they logged on to shop for health insurance.
That same day the AP report was released, the inspector general of the Department of Health and Human Services released a report finding that the government “did not always meet contracting requirements” when setting up the marketplace, which only raised “additional questions about the safety and security of the website,” the lawmakers wrote on Friday.
The Centers for Medicare and Medicaid Services (CMS) have tried to quell concerns about HealthCare.gov by clarifying that it uses some outside tools “to do important things” such as track when people have problems accessing the website or measure its performance.
The agency also launched a review of its privacy policies in the wake of the AP story, which included adding new encryption to an online shopping calculator.
“Unfortunately, it is not at all clear that this layer of protection is sufficient,” the Republican lawmakers wrote.
The lawmakers previously wrote a letter to the CMS in September to express concern about how HealthCare.gov treated consumer data, which still hasn’t been answered they said on Friday.
The eight Republicans signing Friday’s letter were Reps. Fred Upton (Mich.), Paul Ryan (Wis.) and Jason Chaffetz (Utah) and Sens. Lamar Alexander (Tenn.), Orrin Hatch (Utah), Chuck Grassley (Iowa), John Thune (S.D.) and Rob Portman (Ohio).