House Republicans Demand Clarity on Covered California’s Data Sharing Concerns
House Republicans have sent a letter to California’s public health insurance exchange, Covered California, demanding accountability following allegations of leaking private patient data to third-party entities like LinkedIn and Google. The inquiry focuses on potential HIPAA violations and the mishandling of sensitive health information. The issue gained attention after an investigation by Cal Matters revealed that Covered California’s website was sharing patients’ private data, including Social Security numbers and medical details, with LinkedIn through ‘trackers.’
Sparked by public criticism in late April, the controversy began after investigative nonprofits uncovered that Covered California’s website was transmitting patients’ private information such as pregnancy status, prescription drug use, medical history, and demographic data to LinkedIn without consent. This led to the removal of these trackers from the site. The investigation by Cal Matters, which found that Covered California had over 60 active trackers, highlighted a significant privacy concern. The average number of trackers across government websites was only three. Covered California admitted to sharing patients’ Social Security numbers, which raised further questions about the state’s data security practices.
In a public statement, Covered California outlined that the trackers were part of an advertising campaign initiated in February 2024, and once the data sharing was discovered, they were removed in April 2025. The state health insurance exchange is now reviewing its entire website to ensure no more analytical tools are improperly collecting or sharing sensitive patient data. Meanwhile, a class-action lawsuit has been filed against LinkedIn and Google, alleging that the companies were enabling the interception of private health communications of Covered California customers.
House Republicans, led by Chairman Brett Guthrie and California Rep. Jay Obernolte, are seeking transparency and accountability, emphasizing that Americans deserve to know their privacy is secure. Covered California has acknowledged receiving the letter and is currently reviewing the requests with a deadline to respond by July 1. Google and LinkedIn have not commented on the issue, leaving the matter in limbo as investigations continue.
As the situation unfolds, concerns over data security and privacy in public health systems are intensifying. The incident underscores the growing scrutiny on how state-run health insurance exchanges manage sensitive information and the risks associated with sharing such data with third-party platforms. With the potential financial implications of data breaches and privacy violations, the issue is likely to draw further attention from lawmakers and the public.