[HN Gopher] California sent residents' personal health data to L...
___________________________________________________________________
California sent residents' personal health data to LinkedIn
Author : anticorporate
Score : 158 points
Date : 2025-05-15 14:13 UTC (8 hours ago)
(HTM) web link (themarkup.org)
(TXT) w3m dump (themarkup.org)
| oaththrowaway wrote:
| Why does a state have ad tracking data? Are they really that hard
| up for cash that they need to have ad campaigns for people
| selecting insurance?
| timfsu wrote:
| I understood it to be the reverse - they advertise on LinkedIn,
| and the trackers determine whether the users convert once they
| click through. Not great, but at least not as ill intentioned
| kva-gad-fly wrote:
| Not sure I understand this, but "I" (coveredca) pay linkedin
| to place my ads, for which "I" have to use their libraries?
| That then scrape "my" clients/customer data to linkedin? for
| them to make more money selling that data?
|
| Does this also mean that those pious popups about "Do not
| sell my information" are essentially vacuous?
| cryptonector wrote:
| It could be insiders getting kickbacks.
| 1024core wrote:
| How is this not a HIPAA violation??
| runjake wrote:
| Who says it's not? It looks like a HIPAA violation to me.
| SapporoChris wrote:
| While I wish it was a HIPAA violation, I am not sure it
| qualifies. "The HIPAA standards apply to covered entities and
| business associates "where provided" by §160.102. Covered
| entities are defined as health plans, healthcare
| clearinghouses, and healthcare providers who electronically
| transmit PHI in connection with transactions for which HHS has
| adopted standards"
| https://www.hipaajournal.com/what-is-a-hipaa-violation/#what...
|
| Covered California is a health insurance marketplace. It is not
| an Insurance Carrier or an Insurance Clearing house. Perhaps
| they're guilty of something else?
| spacemadness wrote:
| Sounds like HIPAA needs some adjustments made to cover
| marketplaces.
| AStonesThrow wrote:
| HIPAA is not designed to protect consumer or patient
| privacy. That is a silly fiction that voters and
| constituents believe in order to prop up the legislation.
|
| HIPAA is designed to protect the privacy of providers,
| clinics, hospitals, and insurance carriers. HIPAA is
| designed to make it maximally difficult to move PHI from
| one provider to the next. HIPAA is designed to make it
| maximally difficult for plaintiff attorneys to discover
| incriminating malpractice evidence when suing those
| providers. HIPAA is a stepping-stone to single-payer
| insurance.
|
| HIPAA also makes it maximally difficult to involve other
| people, providers, and entities in your health care. No
| entity under HIPAA can legally divulge the slightest tidbit
| to your brother, your parents, or anyone who contacts them,
| unless an ROI is on file. Those ROIs are a thing you have
| to go pursue on your own -- they are never offered or
| suggested by the provider -- and those ROIs will expire at
| the drop of a hat -- and you never know if an ROI is valid
| until it is tested at the point of that entity requesting
| information.
| Drunk_Engineer wrote:
| However, it may violate the state's Electronic Communication
| Privacy Act.
|
| https://calmatters.org/health/2025/05/covered-california-lin...
| jeron wrote:
| the state will do an investigation on itself and find no
| wrongdoing
| wrs wrote:
| Two reasons: The marketplace is not a covered entity (it
| doesn't provide healthcare or process transactions), and the
| information is not a medical record (it's typed in by the user,
| not generated by a healthcare provider).
|
| However, California has its own more general privacy law about
| using medical information for marketing purposes.
| kjkjadksj wrote:
| So if I fill out my medical record form at the doctor's office
| it's not a medical record because me the user filled it out
| before handing it over the front desk?
| wrs wrote:
| Because you filled it out in the context of interacting
| with a medical provider, then gave it to them for their
| records, that is a medical record. (Just like a
| conversation with your doctor about your history would be.)
|
| If you filled out the same form just to keep in your desk
| drawer for your family's reference, it would not be. Also,
| if you ask for a copy of your record, as soon as you take
| personal possession of it, HIPAA no longer cares about it,
| because you aren't a covered entity.
|
| (Source: I founded a startup that spent a lot of money on
| attorneys to confirm this.)
| autoexec wrote:
| Filling out forms at the doctor's office is one way they
| trick you into authorizing them to sell your data and no
| matter how careful you are about it you can still end up
| having your data sold.
| https://www.statnews.com/2023/04/07/medical-data-privacy-phr...
| kordlessagain wrote:
| Covered California, the state's health insurance marketplace,
| leaked deeply sensitive health information and pregnancy status,
| domestic abuse disclosures, and prescription drug use to LinkedIn
| via embedded ad trackers.
|
| It's a pattern we've seen across government and private sectors:
| infrastructure designed for care is being exploited for
| behavioral targeting through advertising motions. The public
| doesn't expect their health decisions to be fed into social ad
| networks, but the platforms already assume ownership of that data
| trail.
|
| And of course, it's all connected. The same companies monetizing
| behavioral profiling at scale are now running the most powerful
| generative AI systems. Microsoft, which owns LinkedIn, is also
| the key infrastructure partner of OpenAI. Meta's ad tools were
| present on these health sites too. Google's trackers are
| everywhere else.
|
| When you strip away the techno-mystique, what's driving the AI
| and data arms race isn't wisdom. It's ego, power consolidation,
| and a pathological fear of being second.
|
| And Sam Altman? He's not stupid. But brilliance without wisdom is
| just charisma in a predator suit. Why do you think all these
| services tie directly into AI?
| jajko wrote:
| Sociopaths being sociopaths, there is nothing more to it. One
| should _never_ assume those who rose to massive power and
| wealth on their own are anything else but that. There are few
| exceptions, or rather well-meaning sociopaths, but they are
| really an exception.
|
| The idea that they only got there by doing a bit of hard honest
| work is brutally naive. It's a sad fact of life, but fact it is.
| Looking at the world with such optics, there are hardly any
| surprises (and no, it's not all doom and gloom, rather just
| factual reality with very few disappointments down the line).
| FredPret wrote:
| It's the idea that class warfare will get us anywhere good
| that's brutally naive at this point.
| yapyap wrote:
| I think class warfare will get the working class further
| than whatever is being done at the moment honestly.
| FredPret wrote:
| ...why? How?
|
| Have you seen any history at all? This has never worked.
|
| Cohesive, trusting societies get _much_ further than ones
| that are at war with themselves. Even so, cohesion and
| trust are nice-to-haves.
|
| Tech progress and GDP growth has meant that the world's
| poor live better lives, decade after decade, for many
| centuries now.
| uoaei wrote:
| Cohesive trusting societies are born out of the struggle
| to dethrone oligarchs and lords.
| apercu wrote:
| I don't think the working class started the war, so if the
| working class stops, the class war doesn't end.
| FredPret wrote:
| People advocating for their interests isn't warfare.
|
| I assure you there are virtually no rich people cackling,
| monocles and cigars in place, over the fate of the poor.
|
| When the working class unionizes or votes for more rights,
| this isn't warfare - as long as it's fair-minded and
| pragmatic rather than ideological. The same goes for the
| rich.
|
| Regarding people with other backgrounds and interests as
| evil sociopaths / socialists is where the problem comes
| in.
| test098 wrote:
| > People advocating for their interests isn't warfare.
|
| When those interests come at the expense/lives of other
| people, it is [1] [2].
|
| > I assure you there are virtually no rich people
| cackling, monocles and cigars in place, over the fate of
| the poor.
|
| Correct, their theatrics are even dumber than that [3].
|
| ---
|
| [1] "House Republicans Push Forward Plan to Cut Taxes,
| Medicaid and Food Aid" -
| https://www.nytimes.com/2025/05/14/us/politics/congress-tax-...
|
| [2] "Sanders on GOP Medicaid cuts: 'Thousands and
| thousands of low-income and working people will die'" -
| https://thehill.com/homenews/senate/5302085-bernie-sanders-r...
|
| [3] "Musk waves a chainsaw and charms conservatives
| talking up Trump's cost-cutting efforts" -
| https://apnews.com/article/musk-chainsaw-trump-doge-6568e9e0...
| FredPret wrote:
| Musk waving a chainsaw is one out of many hundreds of
| millions of rich people. And there's reason to believe
| that _he believes_ he's doing something that's good for
| society in the long run, even if you disagree with him.
| yndoendo wrote:
| Empathy is intelligence, a void of empathy is lack of
| intelligence. Empathy is the only means to "put your self
| in someone else's shoes".
|
| I would also classify narcissism as a void of
| intelligence, they cannot be honest with others and
| themselves. They always must be right and know everything
| when they are wrong and know nothing about the subject.
|
| Lacking empathy and being a narcissist does not benefit
| society, only one's self interests. That is billionaire,
| not millionaire, Elon Musk. He is just selling the idea
| of "doing something good" to improve his self interests.
|
| How many charities does he fund? How much of his wealth
| goes to studying the eradication of disease like cancer
| or Parkinson's?
|
| But don't worry, his statement from 2014 about full self
| driving cars are just around the corner and will help
| humanity reach its peak. Just like traveling to Mars. /s
|
| His actions actually harm society. Hungry children have
| reduced mental capabilities to advance in school and
| their futures. He chose to actively harm future
| generations and those he doesn't deem worthy.
| uoaei wrote:
| It's not often I come across someone who so clearly
| identifies as a temporarily embarrassed millionaire.
|
| By definition, 1% of the _world's_ population is 80MM
| people, so your "hundreds of millions" statement bares
| your ideological slant more than you may realize.
| piva00 wrote:
| > Tech progress and GDP growth has meant that the world's
| poor live better lives, decade after decade, for many
| centuries now.
|
| Every single time during the leaps of technology that
| brought tech progress and GDP growth there needed to be
| some kind of workers' revolt or the threat of it to
| actualise poors living better lives. Every leap in
| progress of systemic quality of life for workers came
| through class war: revolts, general strikes, mass
| protest, organized labour, etc.
|
| Why do you think now it's different?
| WalterBright wrote:
| There was no workers' revolt in the 19th century US, but
| the lives of the poor across the board pulled scores of
| millions in poverty into the middle class and beyond.
|
| The common thread of workers' lives improving is free
| markets, not revolts.
| vharuck wrote:
| There was the Homestead Strike in 1892, during which 9
| people died. The Pinkerton Detective Agency, which
| "handled" the strike for Carnegie, is notorious for
| violently busting strikes in the 19th century US.
|
| https://en.wikipedia.org/wiki/Homestead_strike
| WalterBright wrote:
| And how many workers did that affect vs the population of
| the country?
| test098 wrote:
| It was the beginning of a movement which affects all
| workers in the US today, so... 100%.
| test098 wrote:
| There were plenty of worker revolts in the 19th century
| which laid the groundwork for the modern labor movement.
|
| https://www.pbs.org/wgbh/americanexperience/features/themine...
| beedeebeedee wrote:
| That is not accurate. There were many strikes in the
| industrial part of the US during the 1800's. That's how
| working conditions were improved in the mills. The free
| market would have crushed the working people had they not
| banded together and revolted to improve safety, reduce
| working hours, and increase pay.
|
| Wikipedia has articles on the larger actions like this:
| https://en.wikipedia.org/wiki/1835_Philadelphia_general_stri...
|
| The rest of the US was primarily agricultural, and did
| not have major strikes until later, but the improvement
| in the lives of those people who lived there was not
| because of free markets. Their lives improved because of
| the immense natural resources that were literally being
| given away free to people to cultivate and exploit, after
| the Native Americans were subjugated and removed.
| jbmchuck wrote:
| There were quite a few slave revolts in the 19th century.
| autoexec wrote:
| The war has never stopped
| https://en.wikipedia.org/wiki/Union_violence_in_the_United_S...
| piva00 wrote:
| > The common thread of workers' lives improving is free
| markets, not revolts.
|
| The common thread is both, not one or the other.
| FredPret wrote:
| Unionizing and voting for Saturdays off and the politics
| of the underdog hardly counts as "warfare".
|
| It's when we regard one another as evil that we start to
| pursue ideology over pragmatism and end up cutting off
| our noses to spite our faces.
|
| I object to my original parent comment's characterizing
| of everyone with any form of wealth and power as being a
| sociopath. It's not only untrue (which is
| disqualification enough), but this kind of attitude
| doesn't serve anyone.
| beedeebeedee wrote:
| > Unionizing and voting for Saturdays off and the
| politics of the underdog hardly counts as "warfare".
|
| Yes, the workers' demands were reasonable, but they were
| met with warfare by the upper class who did not want to
| accept reasonable demands. The most extreme example is
| the Battle of Blair Mountain, but there are countless
| records of strike breakers beating and killing workers
| for striking and unionizing.
| test098 wrote:
| You should maybe read about the history of the US labor
| movement to understand how and why we have good working
| conditions:
| https://www.pbs.org/wgbh/americanexperience/features/themine...
| FredPret wrote:
| We have good working conditions mainly because we can now
| afford them.
|
| Do you think poor people didn't get upset / rebellious in
| centuries and millennia past?
|
| The difference now is that we have the GDP and tech to
| support much cushier lives for vast numbers of people.
| biophysboy wrote:
| Technology increases the size of the pie, but it is
| always possible to make the distribution of slices
| extremely unequal. More gdp and tech does not guarantee a
| better quality of life, as many countries today
| demonstrate.
| kjkjadksj wrote:
| French revolution worked pretty well for the working
| class
| s1artibartfast wrote:
| I can't tell if that is sarcasm or not. It was
| characterized by mass dysfunction and devolved into a
| dictatorship within 5 years, and 10 years of global war
| as France tried to fund populist mistakes by pillaging
| foreign countries, a million French deaths, and maybe 4
| million foreign deaths, not to mention mass wounded,
| starvation, and hardship.
| alganet wrote:
| Warfare is dumb.
|
| The class struggle is a perspective. It points to how
| blind rich people are to social issues, and how blind the
| poor are to economic issues. These two need the struggle,
| gently. Without it, there is either bloody revolution or
| cruel autocracy.
|
| That's as simple as it gets. Many people get it wrong.
| apercu wrote:
| I assure you that poor people are not universally blind
| to economic issues. lol.
| alganet wrote:
| That's the least important part of my statement.
|
| There is a struggle between those who have power and
| those who don't. This displacement creates blind spots,
| and also vantage points.
| lawlessone wrote:
| poor people can't afford to be blind to economic issues.
| Rich people have more leeway there.
| alganet wrote:
| Do you consider yourself blind to economic issues? Rich
| or poor? Straight question.
| Loudergood wrote:
| Class warfare is already happening from the top down.
| timewizard wrote:
| I love it when enforcing laws and fairness is perceived as
| "class warfare."
| pseudocomposer wrote:
| What do you define as "class warfare?" Do you agree that
| the current status-quo hyper-consolidation of wealth our
| economy has fostered since at least 1972 is already an
| ongoing type of class warfare?
|
| And finally, why do you think class warfare can't get us
| anywhere?
| lo_zamoyski wrote:
| What we call "power" is not a property of a person, but a
| function of networks of relationships. A king is only
| "powerful" insofar as his authority is recognized. The moment
| his perceived authority is lost, the moment no one or few
| recognize it, is the moment he no longer has "power".
|
| In other words, it only works if there is enough social
| support for it. It requires our complicity.
|
| Most people with ASPD (what you call sociopathy) are not able
| to build these sorts of networks. They're impulsive. They are
| over-represented among the homeless. They are poor at
| planning or foreseeing the consequences of their actions.
| These are not exactly conducive to building these social
| networks. A sociopath is more the street thug or the
| gangbanger and less the CEO of a corporation.
| quantified wrote:
| Would we be surprised to learn of 10x this level of leakage to
| Facebook? Based on the social tracking I've casually observed
| via browser tools when signing up to a variety of services, I'd
| be surprised if it's not. The weird thing here is that it's
| LinkedIn getting the data, not that it's being sent.
| knowitnone wrote:
| California will investigate and find no wrong. Also,
| LinkedIn==Microsoft
| ty6853 wrote:
| They published ("leaked" lol no -- it was all available through
| a polished portal) the name and address of all CCW and DROS
| registered firearm holders (including judges, DV victims,
| prosecutors, etc) and nothing happened.
|
| They use your information for political warfare.
| actionfromafar wrote:
| That's nothing. The Federal government sent residents' personal
| health data to _xAI_.
| barbazoo wrote:
| Source?
| blindriver wrote:
| If you routinely clear your cookies, does that protect you from
| long term tracking?
| wat10000 wrote:
| Fingerprinting is an active area of research (both attack and
| defense), so the answer is, maybe, depending on just how unique
| your setup is. EFF has a nice demo that will try to fingerprint
| you and tell you how trackable you are based on non-cookie
| data: https://coveryourtracks.eff.org
|
| Of course, new techniques are invented all the time, so that
| may not cover everything.
| blindriver wrote:
| Unless they are targeting a specific individual for spying
| purposes, is there any benefit to doing such deep
| fingerprinting at the individual level, given that multiple
| people might use the same computer? It seems like knowing
| every single thing done at that computer may be too much
| information that might not have value but having more broad-
| based tracking patterns would be cheaper and more profitable,
| no?
| wat10000 wrote:
| Advertisers say that the better they can target
| advertisements, the more valuable they are. If so, then
| every bit of fingerprinting helps. Maybe multiple people
| use a computer which degrades it for those particular
| people, but then many other computers are used by only one
| person, so it's helpful in aggregate. I'm skeptical this
| actually works, given the atrocious quality of ads that I
| see when they sneak past my ad blocker, but that's what
| they say.
| barbazoo wrote:
| My understanding is that people would have to intentionally click
| on the ad on LI to get access to the cookie that contains the
| sensitive info from the insurance signup flow (which was
| triggered by clicking the ad). Is that correct?
| treebeard901 wrote:
| The reality is that anyone in the medical field can put any kind
| of information in your medical records for any reason. Many
| motivations exist to compel this kind of behavior. Sometimes this
| can be in a part of your permanent record that they do not have
| to provide to you, even if you follow the rules and laws to
| request the information. Many exceptions exist under the
| disclosure laws.
|
| Your information then can be freely shared with others but not
| given to you or give you any way to correct the false information
| in your record.
|
| For what it's worth, in the United States at least, you have
| several permanent records that follow you everywhere you go. Your
| medical records work in a similar way to your former employers.
| In fact, employer confidentiality to other employers allows them
| to say almost anything about you and neither has to share it with
| you and you have no chance to have any kind of fair process to
| correct it.
|
| Now add all the data brokers and the other bribery kind of
| situations and the whole system is basically broken and corrupt.
| nradov wrote:
| That is misinformation. HIPAA covered healthcare providers are
| legally required to give you copies of your health information
| upon request, and can only charge a nominal fee for this
| service (in practice it's usually free). Any patient who is
| blocked from accessing their own medical records should file a
| formal complaint with HHS; they have fined multiple provider
| organizations for violations.
|
| https://www.hhs.gov/hipaa/for-individuals/guidance-materials...
|
| https://www.hhs.gov/hipaa/for-professionals/compliance-enfor...
| dzdt wrote:
| Amazing to me that an article like this doesn't have a big
| section discussing how a provider sharing personal health data
| without permission is blatantly illegal under the HIPAA act. It
| only mentions as an aside that there are various related
| lawsuits.
|
| Covered California's privacy policy explicitly says they follow
| HIPAA and that "Covered California will only share your personal
| information with government agencies, qualified health plans or
| contractors which help to fulfill a required Exchange function"
| and "your personal information is only used by or disclosed to
| those authorized to receive or view it" and "We will not
| knowingly disclose your personal information to a third party,
| except as provided in this Privacy Policy".
|
| Those privacy policy assertions have been in place since at least
| October 2020, per the Internet Archive wayback machine record.
| [2]
|
| [1] https://www.coveredca.com/pdfs/privacy/CC_Privacy_Policy.pdf
|
| [2]
| https://web.archive.org/web/20201024150356/https://www.cover...
| autoexec wrote:
| Companies outright lie in their privacy policies all the time.
| The legal risk in doing so is basically zero because nobody
| bothers to sue and it's impossible to show damages.
| vharuck wrote:
| When I first read the headline, I thought it was a boneheaded
| mistake of forgetting to disable tracking on certain web pages.
| But no:
|
| >The Markup found that Covered California had more than 60
| trackers on its site. Out of more than 200 of the government
| sites, the average number of trackers on the sites was three.
| Covered California had dozens more than any other website we
| examined.
|
| Why is Covered California such an outlier? Why do they need _60_
| trackers? It's an independent agency that only deals in health
| insurance, so they obviously (and horribly) thought it was a good
| idea to send data about residents' health insurance to a third
| party.
| autoexec wrote:
| I'm sure they did it for money. Those trackers weren't put
| there for nothing. At least government websites funneling
| citizen's data to Google by using Google Analytics on their
| sites can argue that they're just selling out taxpayers to get
| easy site metrics. When you've got 60 trackers on a single page
| though, somebody is stuffing their pockets with cash in
| exchange for user data.
| threetonesun wrote:
| I assume some of it was to show targeted ads on social media
| platforms. I'm sure an internal KPI is new customers, just like
| any e-commerce site.
| neilv wrote:
| For the last week, LinkedIn kept showing me ads for some specific
| dental procedure, near the top of my feed.
|
| It's an optional follow-on procedure for the dental surgery
| procedure I had scheduled for this week.
|
| I'm much more careful than most people about keeping Web search
| and browsing history private. But there's a chance that last week
| I browsed some question about the scheduled procedure, from my
| less-private Web browser, rather than from the Tor Browser that I
| usually use for anything sensitive that doesn't require
| identifying myself.
|
| If I didn't make a Web OPSEC oops, it looks like maybe someone
| effectively gave private medical information to LinkedIn, of all
| places (an employment-matchmaking service, where employers are
| supposed to be conscientious of EEOC and similar concerns).
| cm2012 wrote:
| Even with the absolute incompetence shown in this article (Meta
| or Google would never make a mistake like this), no one has been
| actually harmed.
| biker142541 wrote:
| If you have a value sliding scale of "actually harmed", then
| almost no privacy breach harms anyone, right? Is the threshold
| for harm actually being scammed, physically hurt, reputation
| damaged?
|
| Thankfully, the law is not based on such thresholds.
| cm2012 wrote:
| Relative to the actual harms caused, HN freaks about this
| kind of stuff too much.
| goldchainposse wrote:
| People like to say "big tech sells their data." This is actually
| rare. Almost every other company you deal with willingly gives it
| to big tech, and they just hoard it and run ads with it.
| rob_c wrote:
| Brought to you by the state reinventing GDPR for the American
| audience another 80IQ moment which will be lauded by some as a
| brave new world...
|
| Get your act together and either resign or stop handling public
| data let alone the sensitive stuff. I'm serious, draft that
| letter now.
___________________________________________________________________
(page generated 2025-05-15 23:01 UTC)