The healthcare.gov Privacy Statement

As I have noted in my two previous blog posts (here and here), healthcare.gov doesn’t seem to care much about the privacy of American tax payers.  I looked up their privacy statement to see if they are violating their own rules at all.  Turns out they probably are.  I’ll give a quick run down and full image capture of the privacy policy below…

The healthcare.gov privacy policy states:

“Healthcare.gov never collects information for commercial marketing or any purpose unrelated to our mission and goals.”

If this is the case, then why are they using code from Facebook, Google and Twitter?  Are we going to consult Zuckerberg every time I need a flu shot or something?  This makes no sense.

They claim that they only collect the following information:

  • Domain from which you access the Internet
  • IP address (an IP or internet protocol address is a number that is automatically given to a computer connected to the Web)
  • Operating system on your computer and information about the browser you used when visiting the site
  • Date and time of your visit
  • Pages you visited
  • Address of the website that connected you to HealthCare.gov (such as google.com or bing.com)

Further, they claim that:

The HealthCare.gov staff analyzes and reports on the collected data from these tools. The reports are available only to HealthCare.gov managers, members of the HealthCare.gov communications and Web teams, and other designated staff who need this information to perform their duties.

Is Facebook on their staff?  I doubt it.  They go on…

HealthCare.gov keeps the data from our measurement tools as long as needed to support the mission of the website.

So they can sell your data to anybody they like in the future, when their privacy policies change, just like how Facebook sells my posts from 2008, even though their privacy policy has changed since then.

They go on with a little bit about cookies and opting out of cookies, which I don’t think is important.

Then they say:

… we will safeguard the information you provide in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a).

I wonder if giving our information to social networks and getting information from social networks is in accordance with the privacy act of 1974.  Judging by the date on the law, I bet it probably is, because there was no internet in 1974.

The meat of the matter is addressed in the following section:

How HealthCare.gov uses third-party websites and applications

As a response to OMB Memo M-10-06, Open Government Directive, HealthCare.gov uses a variety of technologies and social media services to communicate and interact with citizens. These third-party website and application (TPWA) tools include popular social networking and media sites, open source software communities, and more. Examples include Facebook, Twitter, and YouTube.

TPWAs are not exclusively operated or controlled by HealthCare.gov. Users of TPWAs often share information with the general public, user community, and/or the third party operating the website. These actors may use this information in a variety of ways. TPWAs could cause PII to become available or accessible to HealthCare.gov and the public, regardless of whether the information is explicitly asked for or collected by us.

HealthCare.gov sometimes collects and uses your PII if you made it available through third-party websites. However, we do not share PII made available through third-party websites. Your activity on the third-party websites we use is governed by the security and privacy policies of those sites. You should review the third-party privacy policies before using the sites and ensure that you understand how your information may be used.

If you have an account with a third-party website and choose to “like,” “friend,” follow, or comment, certain PII associated with your account may be made available to HealthCare.gov based on the privacy policy of the third-party website and your privacy settings within that website. You should adjust privacy settings on your account to match your preferences.

As you can see, Healthcare.gov explicitly admits to sharing information with social networking sites and, “collects and uses your [Personally Identifying Information] if you made it available through third-party web sites.”  This means that information is travelling both ways.  Facebook finds out about your health insurance and health insurance finds out about your facebook.

I find this absolutely unacceptable, and I intend to contact my congressman about it.

If you want to contact congress about this but do not know who to email or write to then use the house.gov site to locate your congressman, senate.gov to find your senator and whitehouse.gov to contact the president.  Tell them that you are concerned about this breach of privacy and that you want it fixed immediately.

Healthcare.gov privacy statement

Click for full image. The Healthcare.gov Privacy Statement, in full, as was accessed on my computer on Oct 23, 2012, around 2:45 AM.

Advertisements

2 thoughts on “The healthcare.gov Privacy Statement

  1. Pingback: Healthcare.gov Gives Information to Facebook, Google, Twitter, and Apple | Time Slipped

  2. Pingback: DJ Earworm’s United State of Pop | Time Slipped

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s