DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Does Healthcare.gov violate their own privacy policy?

Posted on October 30, 2013 by Dissent

No, this is not on HIPAA, but Ben Simo has noted what I think appears to be a legitimate question/concern:

 

I have read some reports that we need not be overly concerned about Healthcare.gov security because the site doesn’t keep much personal information. While we can’t into the site from outside to see what they do with the personal information they collect, we can view their published privacy policies and the data they return to the browser.

So let’s take a look at a couple of things that concern me…

Use of 3rd Party Web Analytics Tools

The Privacy Policy says:

HealthCare.gov uses a variety of Web measurement software tools. We use them to collect the information listed in the “Types of information collected” section above. The tools collect information automatically and continuously. No personally identifiable information is collected by these tools.

However, the system sends some personal information to 3rd party analytics and advertising companies. For example, the following two images show my username and password reset codes being sent to a couple of 3rd parties:

View the screen shots and read more about what he found on IsThereAProblemHere.com.

Update: This problem was reportedly fixed after the research published his concerns, as Kathleen Sebelius just testifed to Congress this morning.  When I visit the site using Chrome, I see 5 companies tracking (via Abine DoNotTrackMe extension):

  • Optimizely
  • CrazyEgg
  • Doubleclick
  • Google Analytics
  • ChartBeat

No related posts.

Category: Uncategorized

Post navigation

← Hosting Service MongoHQ Suffers Major Security Breach That Explains Buffer’s Hack Over The Weekend
Security concerns – or politics, depending on your view – prompt subpoena for Healthcare.gov data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Breaches have consequences (sometimes)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity
  • Patient death at London hospital linked to cyber attack on NHS
  • ShinyHunters and team members arrested in France (2)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.