.png)
2 hours ago
1
FIRST ON FOX: House Republicans are putting California's state-run public health insurance exchange on notice with a letter demanding answers about its leaking of private patient data to third-party entries as part of a marketing effort.
Spearheaded by several Republicans on the House Energy and Commerce Committee, the letter to Covered California, which facilitates public health insurance for millions of Californians, seeks answers to numerous questions about its alleged leak of private patient data to third-party entities, such as LinkedIn and Google.
"Ensuring the confidentiality of health information is a foundational obligation for entities operating within the health insurance ecosystem," the letter, signed by five Republican leaders in the House, states. It points out how federal privacy protections, in particular those stemming from the Health Insurance Portability and Accountability Act (HIPAA), establish certain "expectations" for how organizations like Covered California must handle patient information.
Additionally, in California, the law requires consumers provide permission to certain organizations before their medical information can be disclosed to third-parties.
OVER 8M PATIENT RECORDS LEAKED IN HEALTHCARE DATA BREACH
"Recent reports and public filings raised questions about whether those expectations were met in this case, and whether existing oversight mechanisms are sufficient to detect and prevent improper disclosures," the Republicans' letter asserted.
Following public criticism in late April, alleging that Covered California was passing sensitive patient data to LinkedIn via a network of "trackers" on its website, the state-run health insurance exchange removed them.
The criticism stemmed from a forensic analysis by two investigative nonprofits, which found Covered California's website was sharing patients' answers to questions, such as whether one is pregnant, or how many prescription drugs they use, or how often they see doctors, were being passed to LinkedIn without the patients' knowledge or consent. Other questions included demographic information and other sensitive personal data, and Covered California subsequently admitted to sharing patients' Social Security numbers.
In total, Covered California had more than 60 active "trackers" on various data points, according to Cal Matters, one of the investigative nonprofits that uncovered the leaked data. Cal Matters, in their investigation, pointed out how the average number of trackers across more than 200 government websites it investigated was only three.
Following the Cal Matters report that led to public criticism, Coverd California subsequently explained that the "trackers" it had functioning on its website were part of an advertising campaign initiated in February 2024, and upon discovery of the data sharing, it removed them in April the following year.
5.5 MILLION PATIENTS' INFORMATION EXPOSED BY MAJOR HEALTHCARE DATA BREACH
"Covered California leverages LinkedIn’s advertising platform tools, including LinkedIn Insight tags, which are pieces of code added to a website to help track how visitors interact with the site. This tool allows us to better understand consumer behavior and deliver tailored messages to help consumers make informed decisions about their health care options," Covered California said in a public statement put out following the Cal Matters report. "While the review is still ongoing, Covered California has identified that some sensitive data was inadvertently collected by the tags, including first names, the last four digits of Social Security numbers, and other sensitive health information like pregnancy status."
The state health insurance exchange added that it was reviewing its entire website to ensure no more analytical tools were improperly collecting or sharing sensitive patient data.
Meanwhile, days after Cal Matters brought the data-sharing concerns involving Covered California to light, a class-action lawsuit was filed against LinkedIn and Google, accusing the companies of operating software enabling them "to intercept sensitive and confidential communications of Covered California customers."
The letter from House Republicans marks the latest attempt to increase pressure on the California-run public health insurance exchange. Republicans are demanding answers to questions pertaining to its data sharing, including during the period of time it was allegedly sharing info with LinkedIn, as well as questions about what Covered California is currently doing to protect its patients' data.
BLUE SHIELD EXPOSED 4.7M PATIENTS’ HEALTH DATA TO GOOGLE
"Americans deserve to know that their sensitive health data is secure and being handled prudently," Chairman Guthrie said following transmission of the letter to Covered California. "We are hopeful that California will be transparent and forthcoming about this apparent data security failure as we launch our investigation."
"The unauthorized sharing of private health data with third-party advertisers— including pregnancy status, prescription drug use, and Social Security information— is deeply troubling," added California Rep. Jay Obernolte, a fellow Republican on the House Energy and Commerce Committee who helped spearhead the letter to Covered California alongside Guthrie. "We’re seeking answers because the people of California deserve accountability and transparency when their privacy is compromised."
When reached for comment, Covered California acknowledged receipt of the letter from Guthrie, Obernolte, and others on the House Energy and Commerce Committee, adding that they were currently reviewing its requests and plan to respond by the provided July 1 deadline. Google and LinkedIn declined to provide comment for this article.
English (US)