Healthcare.gov HIPPA VIOLATIONS sharing personal data

Government health care website quietly sharing personal data

HealthCare.gov security — ‘a breach waiting to happen’

HIPPA VIOLATION: website sends your age, income level, pregnancy status etc. to advertising companies
https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data

Shocking security problems remain 1 yr later! Got it WINS! > over & patient privacy!

must be read to the very end proves that not only does the Obamacare website have major security issues, but that the incorruptible wonderful well-meaning folks in Washington who care so much about our health and running our lives knew this when the site was launched.Federal medical-privacy law frustrates ID theft victims
http://www.abajournal.com/magazine/article/federal_medical-privacy_law_frustrates_id_theft_victims

a victim of an Obamacare breach and the little known fact that well over half of all identity thefts now arise from information on the Healthcare.gov site.    Once again, any individual in the health care industry that demonstrates the slightest carelessness with patient privacy will likely be bankrupted by HIPPA fines.

Hacker accesses 70,000 Healthcare.gov records, says website is 100% insecure
http://www.slashgear.com/hacker-accesses-70000-healthcare-gov-records-says-website-is-100-insecure-21313926/

In the source code of http://healthcare.gov  is “no right to privacy” tt overrides HIPPA. But it’s hidden!
http://www.frontpagemag.com/2013/frontpagemag-com/no-privacy-for-obamacare-patients/

And watch how they lie about it: OCare Website Hidden Source Code Says Users “Have No Reasonable Expectation of Privacy”

The CEO isn’t the only hacker to publicly confirm the security issues, however, with Kevin Mitnick, Ed Skoudis, and more having issued warnings of an impending security breach if the problems are not corrected. Said Mitnick in a signed statement alongside fellow hackers: “It’s shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise or access to consumer proprietary information.” Despite these warnings, the government has maintained Healthcare.gov is secure and undergoes regular security testing. Whether this latest breach performed by Kennedy will spur a proper review and corrections of the issue at hand is yet to be seen (and a cynic might express ample doubt at this point), but all signs point towards a ticking clock counting down to a major — malicious — data breach.
HealthCare.gov is shuttling personal data to third parties
http://www.slashgear.com/healthcare-gov-is-shuttling-personal-data-to-third-parties-21365499/

Judicial Watch, a politically conservative government watchdog group, has filed a Freedom of Information Act lawsuit against the Department of Health and Human Services seeking the release of all records – including studies, memos, e-mails, and slide presentations – related to the security of the HealthCare.gov Web portal dating back to Jan. 1, 2012.
http://www.healthcareinfosecurity.com/healthcaregov-security-answers-sought-a-6700

Doesn’t that violate HIPPA? Among other privacy laws? -> website quietly sharing personal data 

WASHINGTON (AP) — The government’s health insurance website is quietly sending consumers’ personal data to private companies that specialize in advertising and analyzing Internet data for performance and marketing, The Associated Press has learned.

The scope of what is disclosed or how it might be used was not immediately clear, but it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer’s Internet address, which can identify a person’s name or address when combined with other information collected by sophisticated online marketing or advertising firms.

The Obama administration says HealthCare.gov’s connections to data firms were intended to help improve the consumer experience. Officials said outside firms are barred from using the data to further their own business interests.

There is no evidence that personal information has been misused. But connections to dozens of third-party tech firms were documented by technology experts who analyzed HealthCare.gov and then confirmed by AP. A handful of the companies were also collecting highly specific information. That combination is raising concerns.

Leading lawmakers on Tuesday asked the administration to explain how it oversees the data firms to make sure no personally identifiable information is improperly used or shared.

The administration did not explain how it ensures that companies were following the government’s privacy and security policies.

Albright said HealthCare.gov comports with standards set by the federal National Institute for Standards and Technology. But recent NIST guidance cautions that collecting bits of seemingly random data can be used to piece together someone’s identity.

In a recent visit to the site, AP found that certain personal details — including age, income and smoking habits — were being passed along, likely without consumers’ knowledge, to advertising and Web analytics sites.

Third-party outfits that track website performance are a standard part of e-commerce. HealthCare.gov’s privacy policy says in boldface that “no personally identifiable information is collected” by these Web measurement tools.

“Personally, I look at this … and I don’t know what is going on between the government and Facebook, and Google, and Twitter,” said Mehdi Daoudi, CEO of Catchpoint Systems. “Why is that there?”

Third-party sites embedded on HealthCare.gov can’t see your name, birth date or Social Security number. But they may be able to correlate the fact that your computer accessed the government website with your other Internet activities.

Daoudi’s company, Catchpoint Systems, came across some 50 third-party connections embedded on HealthCare.gov. They work in the background, unseen to most consumers.

The AP replicated the results. In one 10-minute visit to HealthCare.gov recently, dozens of websites were accessed behind the scenes. They included Google’s data-analytics service, Twitter, Facebook and a host of online advertising providers.

“I think that this could erode … confidentiality when dealing with medical data and medical information,” said Cooper Quintin, a staff technologist with the Electronic Frontier Foundation, a civil liberties group.

http://bigstory.ap.org/article/31490a20926d4ed3b98ff2d0ed8fc81d/new-privacy-concerns-over-governments-health-care-website

Advertisements

About Educational CyberPlayGround, Inc.®

Educational CyberPlayGround, Inc. strives to help Teachers, Parents, and Policy Makers Learn about: Music, Teaching, Internet, Technology, Literacy, Arts and Linguistics in the K12 classroom.
This entry was posted in NetHappenings and tagged , , , , , , , , , . Bookmark the permalink.