Is Your Data Safe at Healthcare.gov? - Capstone Brokerage

Healthcare.gov and personal health insurance

By: Anna North (NY Times) January 2015

If you’re concerned about online privacy, you’ve likely read a lot about what happens to the information you enter into sites like Facebook or Google. But now another website is generating privacy worries: Healthcare.gov.

Ricardo Alonso-Zaldivar and Jack Gillum of The Associated Press report that the health insurance site has been sharing user data — possibly including characteristics like users’ age and income, as well as whether they’re pregnant — with companies like Google, Twitter and Facebook. They write that “there is no evidence that personal information has been misused,” and that the administration says it has prohibited companies “from using the data to further their own business interests.” Still, they note, many find the practice troubling.

“Sending such personal information raises significant privacy concerns,” writes Cooper Quintin at the Electronic Frontier Foundation. A company that receives the information, he adds, “could match up the personal data provided by Healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are” — it could then “start showing you smoking ads or infer your risk of cancer based on where you live, how old you are and your status as a smoker.” Moreover, he writes, a company could connect Healthcare.gov data with users’ real identities: “Google, thanks to real name policies, certainly has information uniquely identifying someone using Google services. If a real identity is linked to the information received from Healthcare.gov it would be a massive violation of privacy for users of the site.”

“I think people should be concerned, because there’s a lot of sensitive data flowing back and forth” on Healthcare.gov, said Frank Pasquale, a law professor and the author of “The Black Box Society: The Secret Algorithms That Control Money and Information.” Even if the data provided to private companies is anonymized, he added, we shouldn’t necessarily be reassured: “There’s a big literature out there on broken promises of anonymization, of efforts where users were assured that the information was anonymized, but it wasn’t really anonymized well.”

One area of privacy concern right now is “the spillage of data from one context into others,” and he fears that once in the hands of private companies, the data might be used in ways consumers aren’t aware of. “There’s high demand for health data out there,” he said. Life insurance companies, for instance, “want to use everything on you to calculate what your life insurance premium should be.”

Woodrow N. Hartzog, a law professor who studies privacy, said that without knowing more about how private companies use the Healthcare.gov data, it’s hard to tell how worried users of the site should be. “Are third-party recipients of this information allowed to share with other people?” he asked. “Are they under an obligation to keep from trying to re-identify that information” (that is, from trying to link data to people’s real identities)? “Without transparency,” he said, “it’s really difficult to know actually how concerned we should be about this.”

Not all data collection raises privacy issues, he added: If we know that, for instance, 30 percent of residents of your city have a certain health condition, while it’s true that “that pool contains information about you, we don’t have a lot of privacy concerns.” And such information can be useful: “We might trust research institutions to take that data and glean insights from it,” perhaps about factors that might put people at risk of health problems. But as the likelihood of users actually being identified based on their data rises, he said, “the question then becomes, at what point do you ask for consent.”

Aaron Albright, the director of the media relations group at the Centers for Medicare and Medicaid Services, said in an email that “unlike many retail sites similar to HealthCare.gov, we do not and will not sell a visitor’s information. We will remain vigilant and will continue to focus on what more we can do to keep consumers’ personal information secure.”

“Private sector tools,” he added, “play a critical role in the operation of a consumer focused website. Without these tools, HealthCare.gov would be unable to effectively respond to system errors, issues that result in a poor or slow web experience, or provide metrics to the public on site visits and/or mobile usage. In addition, consumers would have to continuously resubmit information throughout the process making signing up for insurance more difficult.” And, he noted, “the use of these private sector tools is extremely common.”

Dr. Hartzog, too, noted that “what the government is engaging in here, if indeed they’re sharing anonymized data according to certain kinds of industry standards,” is in fact “common practice for lots of different websites, if not most websites.” But consumers may see government websites differently from others: “Anytime you’ve got the government involved, you have higher expectations of transparency simply because of the people’s right to demand transparency and accountability from their government.”

Alessandro Acquisti, a professor of information systems and public policy who studies privacy, made a similar distinction in an email: “Consumers have come to expect and anticipate that privately owned entities will collect, share and trade their data. They may not have similar expectations with regard to a government site dealing with such sensitive data.” And, he said, “if my expectations about what a website does with my data differ from the actual data policies of that site, that’s a privacy problem — because I may be making decisions based on incomplete or incorrect knowledge of what will happen to my data.”

And Dr. Pasquale argued that the revelations about Healthcare.gov were especially disturbing because of the Affordable Care Act’s mandate that most Americans carry health insurance. “What we now have is government effectively rolling into its mandate that you buy insurance that you also have this pervasive data tracking by what I consider to be very unreliable entities, pursuant to terms that we don’t know,” he said.

Data-sharing by Healthcare.gov may present unique issues, but for Dr. Hartzog, it’s also part of a broader problem: “Consumers should be concerned not just because it’s happening at Healthcare.gov but because it’s happening everywhere.”

And to protect ordinary users, simply asking for our consent may not be enough. “Consumers have very limited ability to protect themselves, and they also have very limited ability to even understand the risk of personal disclosure online, and all the different ways that one individual disclosure can be used against you or come back to haunt you when it’s collected, aggregated, shared with others,” said Dr. Hartzog. “It’s incumbent upon policy makers to establish good privacy policy to protect consumers so that we don’t overburden them.”

Such a policy would “make sure that companies protected the personal info they were entrusted with,” and “that they respect the trust that they were given by limiting who they share the information with and how long they keep information.” It would also require that they “try to protect information as it moves downstream,” by holding anyone they share it with to the same restrictions they abide by. Ultimately, he said, we need a system under which “consumers can be confident that the trust they place in companies and governments when they disclose information will be respected.”
