The Curated Daily
← Back to the archiveHealthcare Data Privacy · 6 min read
Healthcare Data Privacy

Your Health Data, Sold? How Healthcare Marketplaces Shared Information with Ad Tech

Recent revelations show US healthcare marketplaces shared sensitive citizenship and race data with advertising technology companies. Explore the financial & privacy implications.

By the editors·Monday, May 4, 2026·6 min read
Close-up view of a computer displaying cybersecurity and data protection interfaces in green tones.
Photograph by Tima Miroshnichenko · Pexels

The promise of the Affordable Care Act (ACA), and the healthcare marketplaces it created, was to expand access to affordable health insurance. However, recent investigations have revealed a disturbing practice: the sharing of sensitive user data – including citizenship and race information – with advertising technology (ad tech) companies. This raises serious questions about privacy, financial security, and the ethics of data handling within a system designed to protect consumers. This article dives deep into what happened, the financial implications for individuals, and what you can do to protect yourself.

The Data Leak: What Happened?

Investigations by Stat News and The Markup uncovered that healthcare.gov, the federal marketplace, and several state-run marketplaces were using code – specifically, tracking tools from companies like Google and Facebook (Meta) – that sent user data to these ad tech giants. This wasn’t a traditional “hack” or data breach. Instead, the marketplaces actively sent the information, ostensibly to track the effectiveness of their outreach efforts.

However, the data transmitted went far beyond basic analytics. The information shared included:

  • Citizenship Status: Whether an individual was a US citizen.
  • Racial and Ethnic Identity: Data on users’ racial and ethnic backgrounds.
  • Income Information: Approximate income brackets.
  • Application Status: Whether an application was submitted, approved, or denied.
  • User Interactions: Details on the pages visited and buttons clicked within the marketplace.

The justification provided by marketplace officials was to understand how well marketing campaigns were reaching different demographic groups. But privacy advocates and experts argue that the scale and nature of the data sharing were excessive and potentially illegal, violating HIPAA (Health Insurance Portability and Accountability Act) and other privacy regulations. While the data wasn’t directly linked to personally identifiable information (PII) like names or social security numbers in the initial transmission, experts point out the potential for re-identification through data matching techniques, especially when combined with other publicly available datasets.

Why is This a Financial Concern?

While the immediate impact might not be a direct financial loss, the long-term financial implications of this data sharing are significant. Here’s how:

  • Targeted Scams and Fraud: Knowing an individual is actively seeking health insurance – and potentially has specific health needs or income levels – makes them a prime target for insurance fraud, phishing scams, and identity theft. Fraudulent health insurance plans or "sham" coverage could leave individuals with massive medical bills.
  • Discriminatory Pricing: Ad tech companies could potentially use this data to tailor advertising for financial products, loans, or even housing based on race or citizenship status, potentially leading to discriminatory pricing or denials of services. This is a subtle but potentially devastating financial impact.
  • Increased Insurance Premiums: While less direct, a compromised understanding of risk pools (based on inaccurate data potentially influenced by this sharing) could eventually contribute to inaccurate premium calculations.
  • Identity Theft & Credit Damage: The risk of identity theft is significantly increased when sensitive data is exposed. This can lead to fraudulent credit card applications, loans taken out in your name, and ultimately, a damaged credit score. Protecting your credit is critical; consider a credit monitoring service like .
  • Potential Legal Costs: Although not a direct cost to individuals immediately, the lawsuits resulting from this data sharing practice could indirectly lead to increased healthcare costs or changes in marketplace operations.

The Role of Ad Tech: How Does It Work?

Understanding how ad tech companies utilize this data is crucial. Ad tech operates on a complex system of data collection, profiling, and targeted advertising. Here's a simplified breakdown:

  1. Data Collection: Tracking tools (like pixels and cookies) embedded in websites collect information about user behavior.
  2. User Profiling: This data is aggregated and used to create detailed profiles of individual users, including their demographics, interests, and online habits.
  3. Targeted Advertising: Advertisers then bid to display ads to specific user profiles. The more detailed the profile, the more targeted (and potentially lucrative) the advertising.
  4. Data Brokering: Ad tech companies may also sell or share this data with other data brokers, further expanding its reach.

In the case of healthcare data, the information shared could be used to identify individuals likely to have specific health conditions or financial vulnerabilities, making them attractive targets for advertisers.

What Regulations Were Violated?

The data sharing raises significant concerns about compliance with several key regulations:

  • HIPAA (Health Insurance Portability and Accountability Act): While healthcare.gov isn't directly covered by HIPAA (it's a marketplace, not a healthcare provider), the sharing of information that could be used to identify individuals or their health conditions raises questions about its compatibility with HIPAA's privacy principles.
  • Affordable Care Act (ACA) Privacy Rules: The ACA itself has provisions designed to protect consumer privacy. The extent to which the data sharing violated these provisions is under scrutiny.
  • State Privacy Laws: Several states have enacted comprehensive privacy laws (like the California Consumer Privacy Act - CCPA) that grant consumers greater control over their personal data. These laws may have been violated depending on the residency of the individuals whose data was shared.
  • FTC (Federal Trade Commission) Act: The FTC has the authority to investigate unfair or deceptive trade practices, including the misuse of consumer data.

What Can You Do to Protect Yourself?

While you can’t undo the past data sharing, you can take steps to mitigate the risks and protect your financial wellbeing:

  • Monitor Your Credit Report: Regularly check your credit report for any suspicious activity. You are entitled to a free credit report from each of the three major credit bureaus (Equifax, Experian, and TransUnion) annually.
  • Be Wary of Phishing Scams: Be extremely cautious of any unsolicited emails, phone calls, or text messages requesting personal information, especially those related to health insurance.
  • Use Strong, Unique Passwords: Use strong, unique passwords for all your online accounts, including your healthcare marketplace account. Consider using a password manager.
  • Enable Two-Factor Authentication: Whenever possible, enable two-factor authentication (2FA) to add an extra layer of security to your accounts.
  • Review Privacy Policies: Take the time to read the privacy policies of websites and services you use.
  • Use a VPN (Virtual Private Network): A VPN can encrypt your internet traffic and mask your IP address, making it more difficult for trackers to monitor your online activity. https://example.com/ – a popular VPN service.
  • Advocate for stronger data privacy laws: Contact your elected officials and advocate for stronger data privacy regulations that protect consumer health information.

The Future of Healthcare Data Privacy

This incident serves as a stark reminder of the vulnerabilities surrounding healthcare data in the digital age. Increased scrutiny from regulators and advocacy groups is likely, potentially leading to stricter regulations and enforcement. The debate will likely center on:

  • Data Minimization: The principle of collecting only the data that is absolutely necessary.
  • Transparency: Providing consumers with clear and concise information about how their data is being collected and used.
  • Data Security: Implementing robust security measures to protect data from unauthorized access.
  • Accountability: Holding organizations accountable for data breaches and privacy violations.

This case is a wake-up call. Protecting your personal and financial information in the increasingly complex world of digital healthcare requires vigilance and proactive measures. The future of healthcare data privacy depends on holding organizations accountable and demanding greater transparency and control over our sensitive information.

Disclaimer: This article contains affiliate links to products and services. We may receive a commission if you click on these links and make a purchase. This does not influence our editorial content, and we strive to provide honest and unbiased recommendations. The information provided in this article is for general informational purposes only and should not be considered financial or legal advice. Always consult with a qualified professional for personalized advice.

Pass it onX·LinkedIn·Reddit·Email
Filed under:healthcare data privacy·health insurance marketplaces·ad tech·data breaches·financial implications·healthcare.gov
The Sunday note

If this was your kind of read.

Sign up for the morning email — short, hand-written, and sent only when there's something worth your time.

Free, sent from a person, not a system. Unsubscribe in one click whenever.

Keep reading

The archive →
Healthcare Data PrivacyMay 4, 2026

Your Health Data Sold? US Healthcare Marketplaces & Ad Tech Giants

Discover how US healthcare marketplaces shared sensitive citizenship & race data with ad tech companies, raising privacy and financial security concerns. Learn what it means for you.

DispatchMay 4, 2026

US healthcare marketplaces shared citizenship and race data with ad tech giants