Congress Probes California for Sharing Sensitive Health Data with LinkedIn

Federal legislators are calling on California’s state-run health insurance exchange to explain how it ended up sending sensitive personal data to LinkedIn, a social media platform owned by Microsoft.

The demand follows a troubling investigative report that exposed how information entered by users on Covered California’s website was being funneled through ad tracking tools.

The data, quietly harvested via the LinkedIn Insight Tag, included intimate health details such as whether a user identified as transgender, was pregnant, visually impaired, or had endured domestic abuse.

In some cases, the information also revealed the use of multiple prescription medications. These disclosures took place over more than a year before the trackers were reportedly removed.

Covered California acknowledged the unintentional nature of the data transmission and has since suspended all trackers while reviewing its internal processes.

In a formal letter to Covered California’s executive director, Jessica Altman, five Republican lawmakers voiced their alarm over the exchange’s practices.

We obtained a copy of the letter for you here.

“The Committee seeks to understand how such sensitive data could have been transmitted through advertising trackers, what oversight existed to detect or prevent it, and whether Covered California took appropriate steps to protect consumer information,” the letter stated.

The correspondence was spearheaded by Representative Brett Guthrie of Kentucky, chair of the House Committee on Energy and Commerce, and co-signed by Representatives Earl L. “Buddy” Carter, Gary Palmer, Gus M. Bilirakis, and Jay Obernolte.

Together, they emphasized that the situation warrants a closer look under federal health privacy laws. “The extended period of data exposure raises serious questions about the adequacy of safeguards that Covered California had in place,” they wrote, adding that “circumstances warrant examination of Covered California’s actions under federal privacy standards,” including HIPAA.

The revelations were brought to light through a joint investigation by The Markup and CalMatters, which employed forensic techniques to track the data flows.

Their findings were part of an ongoing series, “Pixel Hunt,” that explores the often-hidden pathways through which websites leak user data.

The exchange, which millions rely on to secure health insurance through the Affordable Care Act, operated the trackers as part of a digital marketing campaign. Users were not informed that their responses, entered in confidence, could be shared with a third party. This violates LinkedIn’s stated policy, which forbids the use of its tag to collect or transmit health-related information.

After the publication of the report, the fallout was swift.

A proposed class-action lawsuit targeting LinkedIn and Google was filed the next day, alleging violations of privacy rights.

Separately, a lawmaker asked the Department of Health and Human Services to determine whether the data sharing constituted a breach of HIPAA protections.

Subsequent reporting found that California was not alone. At least four other state health exchanges were similarly transmitting data to technology companies through embedded tracking pixels.

Covered California has confirmed that it received the congressional inquiry and will provide a response by July 1.

The lawmakers have requested detailed documentation and answers, including what exact data was collected, how many individuals were impacted, and how those individuals will be notified.

They also want broader insight into the exchange’s overall approach to digital tracking. “Ensuring the confidentiality of health information is a foundational obligation for entities operating within the health insurance ecosystem,” the letter stressed.

The post Congress Probes California for Sharing Sensitive Health Data with LinkedIn appeared first on Reclaim The Net.