Bowing to an outcry over online privacy, the Obama administration reversed itself Friday, scaling back the release of consumers' personal information from the government's health insurance website.
The administration made the changes to HealthCare.gov after The Associated Press reported earlier in the week that the website was quietly sending consumers' personal data to private companies that specialize in advertising and analyzing Internet data for performance and marketing. The personal details included age, income, ZIP code, tobacco use, and whether a woman is pregnant.
Continue Reading Below
That prompted lawmakers to demand an explanation, while privacy advocates called on the administration to make changes.
Analysis of the website Friday by AP showed that the administration had made changes to reduce the outbound flow of personal information. Before that, the website was explicitly sending personal data to third-party sites.
The site is used by millions to sign up for coverage under the health care law, or to merely browse insurance plans.
The changes were confirmed by Cooper Quintin, a staff technologist with the Electronic Frontier Foundation, a civil liberties group. Quintin called it "a great first step," but said the administration needs to do more.
An administration spokesman did not immediately respond to a request for comment on Friday.
Officials of the Health and Human Services Department had at first defended their information-sharing practices, saying the outside companies only used the data to analyze the workings of HealthCare.gov and make improvements to the website that benefit consumers. There is no evidence that consumers' personal information was misused, they said.
Created under President Barack Obama's health care law, HealthCare.gov is the online gateway to government-subsidized private insurance for people who lack coverage on the job. It serves people in 37 states, while the remaining states operate their own insurance markets. The privacy issue surfaced just as the president called for stronger Internet safeguards for consumers.
Sens. Orrin Hatch, R-Utah, and Charles Grassley, R-Iowa, called it "extremely concerning" for consumers.
Third-party outfits that track website performance are a standard part of e-commerce. It's a lucrative business, helping Google, Facebook and others tailor ads to customers' interests. Because your computer and mobile devices can be assigned an individual signature, profiles of Internet users can be pieced together, generating lists that have commercial value.
Third-party sites embedded on HealthCare.gov can't see your name, birth date or Social Security number. But they may be able to correlate the fact that your computer accessed the government website with your other Internet activities.
Have you been researching a chronic illness like coronary artery blockage? Do you shop online for smoking-cessation aids? Are you investigating genetic markers for a certain type of breast cancer? Are you seeking help for financial problems, or for an addiction?
Google told the AP this week it doesn't allow its systems to target ads based on medical information.
Privacy advocates say the administration needs to do more. The mere presence of third-party connections on the website — even if they don't explicitly receive personal data — should still be examined because of their ability to reveal sensitive information about a user.
Quintin, the tech expert with the Electronic Frontier Foundation, said the health site should disable third-party tracking services for people who chose to opt out by installing add-on software on their web browsers.
"HealthCare.gov should meet good privacy standards for all its users," he said.