Last week, we reported that the Administration is collecting and giving away sensitive personal data of customers to the Healthcare.gov website to private marketing and data analysis companies under the guise of improving customer experience on the website.
This made headlines and prompted top Republican and Democratic lawmakers on the powerful House Oversight Committee to send a letter to the Health and Human Services (HHS) Secretary demanding answers.
Under this pressure, the Administration responded quickly. (Apparently, the government can act fast, when it chooses to.)
HHS has been busy stepping up protections of consumer information. They are adding a layer of encryption to the website to help cut back on what information gets shared with outside companies. We have been told that the website is also no longer explicitly sending out such details as age, income, ZIP code, tobacco use and whether a woman is pregnant.
Over the weekend, independent analysis demonstrates that the number of companies with embedded connections on HealthCare.gov dropped from 50 to 30.
These changes must be made quickly as they don’t just affect those with ObamaCare coverage but those who simply visit the website to shop for plans.
Privacy experts are slightly encouraged (though they admit that this is just a “first step” and much more remains to be done). But they should be demanding to know why this was done in the first place. What gave the government the right to reveal sensitive information about a private citizen to a business of its choice? It’s not enough that the companies don't explicitly receive personal data through these connections (although they do get enough to piece together a person's profile) or that the Administration has secured confirmations from these third parties that they will not use the information for their business purposes. (Inquiring minds want to know: Why do these outfits want the information, if they are supposedly not going to use it for business purposes?)
We’re glad that steps are being taken to rectify the situation, but whose idea was it to expose consumers to such risks in the first place?
The Hill reports:
“Earlier this week, questions were raised about our relationship with these companies, our privacy polices, and the technical way we were constructing our web page addresses, or URLs,” the Centers for Medicare and Medicaid Services (CMS), a division of HHS, said Saturday in a statement.
“We take these questions seriously, and immediately launched a review of our privacy policies, contracts for third party tools and URL constructions,” the agency added. “We are looking at whether there are additional steps we should take to improve our efforts. While this process is ongoing, we have taken action that we believe helps further increase consumer privacy.”
The changes include new levels of encryption when customers use the Window Shopping feature of HealthCare.gov to buy insurance, the agency said. This will reduce the personal information available to third-party companies.
“The Window Shopping tool is an online calculator which allows a consumer to get an estimate of the cost of a policy by entering a zip code, income, age, and checking a box if you’re a smoker, parent or pregnant,” the agency wrote.
"Previously, when a consumer got his or her results, it created a URL that included the data entered in the calculator. This URL is now encrypted and helps prevent third parties from viewing the data the consumer entered,” it added.
This has been a blemish on an open season for ObamaCare enrollment that was less disastrous than the first one. Perhaps that’s why the Administration is moving quickly to respond to criticism of this activity.
The problem is, it’s too little too late. HealthCare.gov is the online gateway to the federal government’s subsidized healthcare insurance, serving some 37 states. While we don’t know the exact number of website visits to Healthcare.gov since it went live more than a year ago, that number must be in the tens of millions if not higher. CMS reported that during the first weekend of this open enrollment season, they had 1 million visits alone. How many Americans have had their private information lost in total?
This is a serious privacy issue and a reminder that there are still concerns with the website. Yet, they are dwarfed by the fundamental problems underlying the Affordable Care Act that created it.