Is Your Data Safe at Healthcare.gov?
By: Anna North (NY Times) January 2015
If you’re concerned about online privacy, you’ve likely read a lot about what happens to the information you enter into sites like Facebook or Google. But now another website is generating privacy worries: Healthcare.gov.
Ricardo Alonso-Zaldivar and Jack Gillum of The Associated Press report that the health insurance site has been sharing user data — possibly including characteristics like users’ age and income, as well as whether they’re pregnant — with companies like Google, Twitter and Facebook. They write that “there is no evidence that personal information has been misused,” and that the administration says it has prohibited companies “from using the data to further their own business interests.” Still, they note, many find the practice troubling.
“Sending such personal information raises significant privacy concerns,” writes Cooper Quintin at the Electronic Frontier Foundation. A company that receives the information, he adds, “could match up the personal data provided by Healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are” — it could then “start showing you smoking ads or infer your risk of cancer based on where you live, how old you are and your status as a smoker.” Moreover, he writes, a company could connect Healthcare.gov data with users’ real identities: “Google, thanks to real name policies, certainly has information uniquely identifying someone using Google services. If a real identity is linked to the information received from Healthcare.gov it would be a massive violation of privacy for users of the site.”
“I think people should be concerned, because there’s a lot of sensitive data flowing back and forth” on Healthcare.gov, said Frank Pasquale, a law professor and the author of “The Black Box Society: The Secret Algorithms That Control Money and Information.” Even if the data provided to private companies is anonymized, he added, we shouldn’t necessarily be reassured: “There’s a big literature out there on broken promises of anonymization, of efforts where users were assured that the information was anonymized, but it wasn’t really anonymized well.”
One area of privacy concern right now is “the spillage of data from one context into others,” and he fears that once in the hands of private companies, the data might be used in ways consumers aren’t aware of. “There’s high demand for health data out there,” he said. Life insurance companies, for instance, “want to use everything on you to calculate what your life insurance premium should be.”
Woodrow N. Hartzog, a law professor who studies privacy, said that without knowing more about how private companies use the Healthcare.gov data, it’s hard to tell how worried users of the site should be. “Are third-party recipients of this information allowed to share with other people?” he asked. “Are they under an obligation to keep from trying to re-identify that information” (that is, from trying to link data to people’s real identities)? “Without transparency,” he said, “it’s really difficult to know actually how concerned we should be about this.”
Not all data collection raises privacy issues, he added: If we know that, for instance, 30 percent of residents of your city have a certain health condition, while it’s true that “that pool contains information about you, we don’t have a lot of privacy concerns.” And such information can be useful: “We might trust research institutions to take that data and glean insights from it,” perhaps about factors that might put people at risk of health problems. But as the likelihood of users actually being identified based on their data rises, he said, “the question then becomes, at what point do you ask for consent.”
Aaron Albright, the director of the media relations group at the Centers for Medicare and Medicaid Services, said in an email that “unlike many retail sites similar to HealthCare.gov, we do not and will not sell a visitor’s information. We will remain vigilant and will continue to focus on what more we can do to keep consumers’ personal information secure.”
“Private sector tools,” he added, “play a critical role in the operation of a consumer focused website. Without these tools, HealthCare.gov would be unable to effectively respond to system errors, issues that result in a poor or slow web experience, or provide metrics to the public on site visits and/or mobile usage. In addition, consumers would have to continuously resubmit information throughout the process making signing up for insurance more difficult.” And, he noted, “the use of these private sector tools is extremely common.”
Dr. Hartzog, too, noted that “what the government is engaging in here, if indeed they’re sharing anonymized data according to certain kinds of industry standards,” is in fact “common practice for lots of different websites, if not most websites.” But consumers may see government websites differently from others: “Anytime you’ve got the government involved, you have higher expectations of transparency simply because of the people’s right to demand transparency and accountability from their government.”
Alessandro Acquisti, a professor of information systems and public policy who studies privacy, made a similar distinction in an email: “Consumers have come to expect and anticipate that privately owned entities will collect, share and trade their data. They may not have similar expectations with regard to a government site dealing with such sensitive data.” And, he said, “if my expectations about what a website does with my data differ from the actual data policies of that site, that’s a privacy problem — because I may be making decisions based on incomplete or incorrect knowledge of what will happen to my data.”
And Dr. Pasquale argued that the revelations about Healthcare.gov were especially disturbing because of the Affordable Care Act’s mandate that most Americans carry health insurance. “What we now have is government effectively rolling into its mandate that you buy insurance that you also have this pervasive data tracking by what I consider to be very unreliable entities, pursuant to terms that we don’t know,” he said.
Data-sharing by Healthcare.gov may present unique issues, but for Dr. Hartzog, it’s also part of a broader problem: “Consumers should be concerned not just because it’s happening at Healthcare.gov but because it’s happening everywhere.”
And to protect ordinary users, simply asking for our consent may not be enough. “Consumers have very limited ability to protect themselves, and they also have very limited ability to even understand the risk of personal disclosure online, and all the different ways that one individual disclosure can be used against you or come back to haunt you when it’s collected, aggregated, shared with others,” said Dr. Hartzog. “It’s incumbent upon policy makers to establish good privacy policy to protect consumers so that we don’t overburden them.”
Such a policy would “make sure that companies protected the personal info they were entrusted with,” and “that they respect the trust that they were given by limiting who they share the information with and how long they keep information.” It would also require that they “try to protect information as it moves downstream,” by holding anyone they share it with to the same restrictions they abide by. Ultimately, he said, we need a system under which “consumers can be confident that the trust they place in companies and governments when they disclose information will be respected.”
Categories
- Benefits Resources
- Bonding
- BOP
- Business Insurance
- Commercial Auto
- Commercial Property
- Company News
- Construction
- Crime Insurance
- Cyber Insurance
- Directors & Officers
- Employee Benefits
- Employment Practice Liability Insurance
- Entertainment
- General Liability
- Health Insurance
- Healthcare
- Healthcare Reform
- Homeowners Insurance
- Hospitality
- Manufacturing
- Medical Malpractice
- Mining & Energy
- Nightclubs
- Personal Auto
- Personal Insurance
- Professional
- Restaurants
- Retail & Wholesale
- Risk Management Resources
- Safety Topics
- SBA Bonds
- Security
- Seminars
- Technology
- Tourism
- Transportation
- Uncategorized
- Workers Compensation
Archives
- May 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- November 2018
- September 2018
- August 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- February 2013
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- March 2011
- November 2010
- October 2010
- September 2010
- April 2010
- February 2010
- November 2009
- October 2009
- November 2008
- August 2008