CA public health insurance program probed after sharing data with Big Tech

House Republicans are taking action against California’s state-run public health insurance exchange, Covered California, after reports surfaced that the program was leaking private patient data to third-party entities. The Republicans, led by members of the House Energy and Commerce Committee, have sent a letter to Covered California demanding answers about the alleged data breach.

The letter highlights the importance of maintaining the confidentiality of health information, citing federal privacy protections such as HIPAA. It questions whether Covered California met the expectations set by these regulations and whether existing oversight mechanisms are sufficient to prevent improper disclosures.

In late April, it was revealed that Covered California was sharing sensitive patient information with LinkedIn through trackers on its website. This information included details about patients’ medical conditions, prescription drug use, and even Social Security numbers, all without their knowledge or consent. Following public criticism, Covered California removed the trackers in April.

The state-run health insurance exchange claimed that the trackers were part of an advertising campaign initiated in February 2024. However, upon discovering the data sharing, they took immediate action to address the issue. Covered California stated that they were reviewing their entire website to ensure that no more analytical tools were improperly collecting or sharing sensitive patient data.

In response to the data breach, a class-action lawsuit was filed against LinkedIn and Google, accusing them of intercepting sensitive and confidential communications of Covered California customers. House Republicans, including Reps. Brett Guthrie and Jay Obernolte, are demanding answers from Covered California regarding the data sharing and what measures are being taken to protect patients’ information.

Chairman Guthrie emphasized the importance of ensuring the security of sensitive health data, while Rep. Obernolte stressed the need for transparency and accountability when privacy is compromised. Covered California has acknowledged receipt of the letter and is reviewing the requests, with plans to respond by the July 1 deadline. Google and LinkedIn declined to comment on the matter.

The actions taken by House Republicans underscore the seriousness of the data breach and the need for robust protections of patient information. As the investigation unfolds, it is crucial for Covered California to address the concerns raised and take steps to safeguard the privacy of its customers.