House Lawmakers Question Covered California’s Data Sharing with LinkedIn

WASHINGTON, D.C. — House lawmakers are demanding answers from California‘s state health insurance exchange following a report that sensitive health data was shared with LinkedIn. A recent investigation by The Markup and CalMatters raised serious concerns about the privacy implications associated with these practices.

The report highlighted that Covered California used tracking tools on its website, coveredca.com, which sent health information to LinkedIn without user consent. This included personal data about conditions such as blindness, pregnancy, and the use of prescription medications. The data was collected through a marketing tracker known as the ‘LinkedIn Insight Tag’ that logged sensitive user information.

In a letter addressed to Jessica Altman, executive director of Covered California, lawmakers expressed their deep concern regarding the potential violations of federal privacy standards, including the Health Insurance Portability and Accountability Act (HIPAA). The letter was signed by Kentucky Congressman Brett Guthrie and four other Republican lawmakers, including Rep. Earl L. ‘Buddy’ Carter and Rep. Jay Obernolte.

‘The extended period of data exposure raises serious questions about the adequacy of safeguards that Covered California had in place,’ the lawmakers wrote. They are seeking to understand how the sensitive data was transmitted and what oversight existed to prevent such incidents.

Covered California, which serves millions of residents to access health insurance options, stated that the data sharing happened inadvertently and announced it has paused all use of trackers during an internal review of its practices.

In light of the alarming findings, one lawmaker has called into question whether the data sharing may have violated HIPAA. Additionally, a class-action lawsuit against LinkedIn and Google regarding privacy violations was filed shortly after the report was published.

A spokesperson for Covered California confirmed receipt of the lawmakers’ letter and indicated they will respond before the committee’s July 1 deadline. Meanwhile, a spokesperson for LinkedIn declined to comment on the matter.

The situation sheds light on the need for increased scrutiny of how health information is handled in the digital age. ‘Ensuring the confidentiality of health information is a foundational obligation for entities operating within the health insurance ecosystem,’ the lawmakers noted in their letter.