House Republicans demand answers after Covered California shared sensitive patient data with third-party tech firms.

GOP Lawmakers Seek Accountability for Patient Data Leak

House Republicans have initiated a formal inquiry into California’s state-run public health insurance exchange, Covered California, after revelations surfaced that the program leaked private patient data to major technology companies. The probe follows a letter sent by five Republican members of the House Energy and Commerce Committee, seeking clarification on how Covered California handled sensitive information, including Social Security numbers, prescription details, and pregnancy status.

The controversy stems from a forensic investigation led by nonprofit watchdogs, which discovered that Covered California’s website was sharing detailed patient responses and demographics with third parties such as LinkedIn and Google. The information passed on included answers to highly personal questions, such as medication usage, frequency of doctor visits, and even pregnancy status. Most notably, the site inadvertently shared parts of patients’ Social Security numbers without their knowledge or consent.

Federal privacy laws, particularly the Health Insurance Portability and Accountability Act (HIPAA), require strict safeguards for patient information. California law further mandates explicit consumer permission before any medical data can be disclosed to outside organizations. In their letter, lawmakers questioned whether Covered California met these requirements and whether existing oversight was adequate to prevent such breaches.

Covered California acknowledged the issues in a public statement, attributing the data sharing to more than 60 active website “trackers” that were part of an advertising campaign launched in February 2024. The exchange explained that these tools, including LinkedIn Insight tags, were designed to analyze visitor behavior and tailor communications. However, an internal review found that the trackers had inadvertently collected and transmitted sensitive information. Following public criticism in April, Covered California stated that it promptly removed the tracking tools and began a comprehensive review of its site to prevent further incidents.

“Ensuring the confidentiality of health information is a foundational obligation for entities operating within the health insurance ecosystem,” the lawmakers’ letter asserted, pointing to the importance of trust in public health systems. Representative Jay Obernolte, one of the letter’s signatories, described the unauthorized data sharing as “deeply troubling,” emphasizing that Californians deserve transparency and accountability regarding their private information.

The issue has already resulted in a class-action lawsuit against LinkedIn and Google, accusing both companies of enabling the interception of confidential communications from Covered California customers. The incident highlights the increasing risks associated with online data tracking, especially in sensitive sectors like healthcare.

Covered California has acknowledged receipt of the congressional inquiry and pledged to respond by the July 1 deadline. As scrutiny intensifies, both state and federal officials are expected to focus on strengthening consumer privacy protections and restoring public confidence in the digital handling of personal health data.