CMS Used Consumers’ Personal Data to Streamline, Improve HealthCare.gov

CMS has undertaken a review of the privacy policies, contracts for third-party tools, and URL construction after it became publicized that HealthCare.gov sent consumers’ personal data to private companies. In a press release, a CMS official said HealthCare.gov used consumers’ information to streamline and improve the consumer experience—to gain data regarding “when consumers are having difficulty, or understand when website traffic is building during busy periods.” The official also said it used the information to educate the uninsured about the importance of health coverage, the role of the Health Insurance Marketplace, and available financial assistance through targeted digital media and advertising.

Personal Information Sent to Contractors

Reportedly, the types of information sent to third-party contractors may include age, income, ZIP code, smoker status, and whether a consumer is pregnant. Contractors may have also received information such as computers’ internet addresses, which can make it possible to identify a person’s name or address. The Obama Administration has said that the contractors are barred from using the consumers’ information for their own business interests, though it has not specified how it ensures the companies are following such rules.

Improving Protection of Privacy

In the release, Director and Marketplace Chief Executive Officer Kevin Counihan stated that the agency is determining whether additional steps are needed to improve the protection of consumers’ privacy but that many tools available on HealthCare.gov do not require consumers to provide their names or fill out an application to receive information. URLs of pages requiring the provision of sensitive information are encrypted so that third parties are not able to view the data entered by the consumer.

“While we have taken steps to improve HealthCare.gov, we know building and maintaining a website is an evolving process,” Counihan said. “[T]hat’s why we will continue this review and take any concerns raised about privacy seriously and will work to address them head on.”