What's the latest buzz about Covered California? Turns out, the state's health insurance exchange is in hot water after allegations surfaced that it shared people's sensitive data with LinkedIn. Yep, you read that right. Between February 2024 and May 2025, it's alleged that website trackers quietly collected info about users' health, ethnicity, marital status... even how many kids they have. And no, users didn't knowingly sign up for their private info to be passed along.
It allegedly all started with an advertising campaign. Covered California embedded LinkedIn's Insight Tag on several pages of its site. What's that? A tool that lets businesses track conversions and target ads. Harmless in theory, but on a healthcare site? It's messy. These alleged data-sharing activities came to light in May 2025 thanks to privacy advocates who discovered the trackers and raised concerns.
Once these allegations exploded, Covered California scrambled. They removed the trackers and immediately launched a review of their privacy practices. But was that enough to calm the storm? Probably not.
Oh, absolutely. A proposed class-action lawsuit hit the Northern District of California in May 2025. The case? It accuses LinkedIn and Google (yep, they're looped in too) of collecting sensitive health data without permission. And we're not talking minor infractions here. Allegations include violations of the California Invasion of Privacy Act and the federal Electronic Communications Privacy Act.
The consequences could be huge if the allegations are proven. LinkedIn and Google may face hefty penalties. And Covered California? While not a named party in the lawsuit, they're not off the hook. They might need to overhaul their approach to handling user data. Plus, there's the looming federal inquiry. For those whose info may have been shared without consent, the class-action lawsuit, if successful, could bring some compensation.
It's looking likely. California Rep. Kevin Kiley has already called for a federal inquiry. He wants the Department of Health and Human Services to step in and determine if any HIPAA violations occurred. It's not every day that a public agency faces this kind of scrutiny over user privacy, especially in a space where people trust their deeply personal details to be protected.
Lots of waiting. The legal process will unfold with hearings, evidence collection, and possibly a settlement. And if that federal investigation kicks off? It could set the stage for heightened regulations around data sharing for public institutions.
One thing's clear, though. This isn't just about Covered California. It's a wake-up call for all organizations dealing with sensitive user data. After all, how safe are we when even healthcare portals allegedly come with trackers?