California public health insurance program under scrutiny for sharing data with major tech companies

House Republicans Question California’s Health Insurance Data Sharing Practices

House Republicans have raised concerns regarding California’s public health insurance exchange, focusing particularly on the potential sharing of sensitive patient information with third parties. They sent letters to California officials, asking for clarification on these practices and expressing worries about private patient data being leaked to companies like LinkedIn and Google.

In their correspondence, several members of the House Energy and Commerce Committee stressed that protecting patient confidentiality is essential. They referred to existing federal privacy laws, like HIPAA, which dictate how health information should be handled. The letter highlighted that California must ensure clear guidelines around the processing of patient data.

California law also mandates that consumers must grant permission before their medical information can be disclosed to third parties.

The letter pointed out that recent reports have cast doubt on whether California is complying with these expectations and questioned whether the current monitoring systems effectively prevent unauthorized disclosures.

In late April, public backlash prompted the state health insurance exchange to remove certain data-sharing practices. It was revealed that California had been passing sensitive information, such as pregnancy status and prescription details, to LinkedIn without patients’ consent. This data sharing was uncovered by two research nonprofits analyzing California’s websites.

Data privacy experts indicated that California had over 60 active tracking tools that were leaking sensitive patient information. Comparatively, only three average trackers were found across more than 200 government websites evaluated in a separate study.

After facing criticism, the state’s administration clarified that some of the tools collecting this data were part of an advertising initiative launched the previous year. They asserted that upon recognizing the issue, they acted to eliminate these trackers.

A class-action lawsuit was recently filed against LinkedIn and Google, accusing them of facilitating the interception of confidential communications of California residents.

This move by House Republicans aims to increase oversight of California’s public health insurance exchange, seeking answers on when it shares patient data with third parties.

“Americans have a right to ensure their health data is securely handled,” said a Republican leader after sending out the letters. They expressed hopes for transparency from California in addressing this data security issue.

In the backdrop of these developments, Covered California acknowledged receipt of the letters and indicated they are taking the inquiries seriously, with a response expected by the set deadline. Meanwhile, both Google and LinkedIn have opted not to comment on the situation.