HealthCare.Gov Third-Party Tracking Was Overkill, Consultants Say

An Associated Press (AP) story published in January reporting that “dozens” of data companies tracked consumers on the federal marketplace prompted a congressional hearing Feb. 13 by two subcommittees of the House Committee on Science, Space, and Technology. Both Republicans and Democrats questioned why so many companies were given access to consumers’ personal information and whether it could result in security problems.

The conclusion drawn by two data analysts who testified at the hearing was that, while the government needs to monitor its Affordable Care Act health insurance website to increase awareness and enrollment by consumers, the third-party tracking system employed was overkill and it could result in serious security issues.

“They went far beyond what was necessary,” said Michelle De Mooy, deputy director of consumer privacy for the Center of Democracy and Technology. “People who visit government websites often do not have a choice,” since they need to use them to get access to government services, she said.

Morgan Wright, a principal of cybersecurity consulting firm Morgan Wright LLC, said that and have only four and two third-party applications, respectively. Since the original report, the number of third party applications on has been reduced from 50 to 11, he said.

While the Obama administration didn’t testify at the hearing, Kevin Counihan, director and marketplace chief executive officer, posted a response in a blog Jan. 24, saying, “We use some third party tools to do important things, like to get visibility into when consumers are having difficulty, or understand when website traffic is building during busy periods. We also educate those who are uninsured about the importance of health coverage, the role of the Marketplace, and the financial assistance available to Marketplace consumers. One of the most cost-effective and best ways to reach the uninsured is through digital media and advertising. To do this well, we have contracts with companies that help us to connect interested consumers to and continuously measure and improve site performance and our outreach efforts.”

Following the AP report “immediately launched a review of our privacy policies, contracts for third-party tools and URL construction,” Counihan said. “We are looking at whether there are additional steps we should take to improve our efforts. While this process is ongoing, we have taken action that we believe helps further increase consumer privacy.”

Anthem Inc., the second largest health insurer in the U.S., announced Feb. 4 that hackers had broken its servers and stolen Social Security numbers and other personal data in a breach that could impact tens of millions of customers.

Take a free trial to the Health Law Resource Center to receive industry-leading health law news and analysis.