House Chairman Demands Answers in HealthCare.gov Private Data Leak

HealthCare.gov continues to face technical problems that cost the American public, this time, in privacy.

by / January 29, 2015

Another chapter of the HealthCare.gov saga unfolded on the weekend of Jan. 24, when the Department of Health and Human Services (HHS) announced it would boost privacy protections for residents’ personal data following reports the previous week that personal data from the insurance exchange website was being shared with third parties.

More than 50 companies are reported to have gained access to the personal information -- including names, ZIP codes, pregnancy status, age, income, smoking habits and Internet protocol (IP) address -- of millions of Americans. The head of the House Science Committee, Chairman Lamar Smith, demanded on Jan. 29 that HHS explain what’s going on.

“It is astonishing that the Obama administration has allowed scores of these companies to take up permanent residence on the HealthCare.gov website,” he wrote.

The sharing of personally identifying information contradicts HealthCare.gov’s privacy policies, which state that "no personally identifiable information" is collected by third-party Web measurement tools. HHS said it added an additional layer of encryption to HealthCare.gov that limited the amount of data that is shared with other companies.

Smith wrote in a letter this week that HHS Secretary Sylvia Mathews Burwell, Centers for Medicare and Medicaid Services Administrator Marilyn Tavenner and U.S. CTO Megan Smith may all be asked to testify before the committee “on relatively short notice,” because of the “serious issues of personal privacy and government information security.”