House Republicans demand answers after California health exchange shared sensitive user data with LinkedIn
- Covered California secretly shared sensitive user data, including pregnancy status and domestic abuse history, with LinkedIn for over a year, sparking outrage.
- House Republicans demand answers, citing potential HIPAA violations and betrayal of trust for millions relying on the health exchange.
- Investigative reports exposed LinkedIn’s tracking tools embedded in Covered California’s site, harvesting private medical details without consent.
- A proposed class-action lawsuit targets LinkedIn and Google, while legal experts warn of hefty fines if HIPAA was violated.
- At least four other state exchanges were found sharing data with tech firms, suggesting widespread privacy failures in government healthcare platforms.
In a shocking breach of privacy, California’s state-run health insurance exchange, Covered California, secretly funneled highly sensitive user data, including pregnancy status, transgender identity, and domestic abuse history, to LinkedIn for over a year. Now, House Republicans are demanding answers, citing potential HIPAA violations and questioning whether the state’s lax data protections betrayed millions of vulnerable Americans seeking affordable healthcare.
The scandal, which was first exposed by investigative reports from The Markup and CalMatters, reveals how Covered California embedded LinkedIn’s tracking tools into its website, allowing the social media giant to harvest deeply personal health information without users’ knowledge. The data, collected through the LinkedIn Insight Tag, included details such as prescription drug use, visual impairment status, and even whether applicants had experienced domestic violence.
A betrayal of trust
Covered California, the state’s Affordable Care Act (ACA) marketplace, serves millions of residents who rely on the exchange for health coverage. Yet, while users entered private medical information in good faith, the website quietly transmitted their answers to LinkedIn in a direct violation of the platform’s own policies, which prohibit sharing health data.
“The extended period of data exposure raises serious questions about the adequacy of safeguards that Covered California had in place,” wrote House Energy and Commerce Committee Chair Brett Guthrie (R-KY) in a letter to Covered California’s executive director, Jessica Altman. The letter, co-signed by four other Republican lawmakers, demands an explanation for how such a breach could occur and whether HIPAA protections were violated.
According to reports, the tracking tools operated from February 2024 until early April 2025, when they were removed following the investigation. Covered California claims the data sharing was “inadvertent” and has since paused all advertising-related trackers. But critics argue the damage is already done and the breach may have exposed countless individuals to predatory marketing or even identity theft.
HIPAA violations and legal fallout
The revelations have sparked immediate backlash, with Rep. Kevin Kiley (R-CA) calling for a federal investigation. In a letter to Health and Human Services Secretary Robert F. Kennedy Jr., Kiley accused Covered California of “blatant disregard for privacy and the law,” noting that HIPAA explicitly protects personal health information from unauthorized disclosure.
The scandal has also triggered a proposed class-action lawsuit against LinkedIn and Google, filed just one day after the investigation went public. Legal experts suggest that if Covered California is found to have violated HIPAA, the state could face hefty fines—and worse, a complete erosion of public trust in its healthcare system.
Disturbingly, this isn’t an isolated incident. A follow-up investigation found four other state exchanges sharing user data with tech companies, raising concerns that privacy violations may be widespread across government-run healthcare platforms.
Covered California insists it is reviewing its security protocols and has hired a third-party forensics firm to assess the breach. But lawmakers remain skeptical. “Ensuring the confidentiality of health information is a foundational obligation for entities operating within the health insurance ecosystem,” Guthrie and his colleagues wrote, demanding answers on how many people were affected and whether they will be notified.
Meanwhile, LinkedIn has declined to comment, leaving users wondering how their most intimate health details were exploited and who else might have accessed them.
This scandal is more than just a bureaucratic failure; it’s a reminder of how easily personal data can be weaponized in the digital age. If a state-run healthcare exchange can’t protect sensitive information from corporate snooping, what does that say about the government’s ability to safeguard our freedoms?
As House Republicans push for accountability, millions of Californians are left questioning whether their trust was misplaced.
Who else is watching? And what will they do with the secrets they’ve stolen?
Sources for this article include:
ReclaimTheNet.org
CalMatters.org
Newsweek.com