MARCH 25, 2015
Records Suggest White House Pressure Led to Possible Privacy Breaches in Healthcare.gov Advertising Push
(Washington, DC) – Judicial Watch announced today that it obtained new documents from the U.S. Department of Health and Human Services (HHS) revealing that Department of Homeland Security (DHS) worked with HHS on security for Healthcare.gov.
HHS released 117 heavily redacted pages in response to an ongoing Freedom of Information Act (FOIA) lawsuit filed on March 18, 2014 (Judicial Watch v. U.S. Department of Health and Human Services (No. 1:14-cv-00430)).
In September 2014, as a result of the same lawsuit, Judicial Watch released 94 pages of HHS documents revealing that in the days leading up to the rollout of the Patient Protection and Affordable Care Act, otherwise known as Obamacare, top officials with the Centers for Medicare and Medicaid Services (CMS) knew of massive security risks with Healthcare.gov, but chose to roll out the website without resolving the problems. The latest round of documents, obtained on December 22, 2014, reveal that a month after the failed rollout, the security problems had not been resolved.
In a heavily redacted November 6, 2013, email, Julie Bataille (former CMS director of the office of communications) informs then-CMS Administrator Marilyn Tavenner and Jeffrey Zients (former Healthcare.gov “tech surge” manager), that “the Dept Homeland Security’s public affairs team reached out to ASPA” (an apparent reference to the assistant secretary for public affairs). The outreach originated with Kevin Greene, program manager – software assurance, of the DHS Cyber Security Division.
On November 8, 2013, Tavenner forwarded Bataille’s email to David Nelson (acting CMS chief information officer) and Tony Trenkle (outgoing CMS chief information officer) with the message, “For you guys to follow up. I support. Thanks.” The following email exchange shows that Department of Homeland Security began working with Obamacare officials on Healthcare.gov:
- November 8, 2013, Nelson to Greene: “As the new Acting Chief Information Officer for CMS, I would be very interested in talking to you about the type of support DHS may be able to provide for Healthcare.gov.
- December 9, 2013, Greene to Nelson: “I had a very productive meeting with Kevin Charest [HHS Chief Information Officer] and his team on last week and would love to meet with you soon. Please let me know a good time to schedule a meeting.”
- December 11, 2013, Lisa Mack (special assistant to David Nelson) to Greene and Nelson: “Dave is available in Baltimore on Monday, January 13th between 1:00 – 2:00 pm.”
Another email exchange on January 17 suggests that Obama White House pressure helped push “Digital Media Campaign Tagging,” which promoted changes to Healthcare.gov privacy policies to allow certain private information of Healthcare.gov users to be shared with advertisers. The email chain, dated January 14, 2014, with the subject line “Call on Tagging Issues,” Jon Booth (director of the CMS Web and Media Group) informs Nelson, Bataille and Mary Wallace (deputy director of the CMS Office of Communications) of White House interest in employing Healthcare.gov user information for advertising. “There is a huge push from the White House,” Booth writes, “to implement a robust (and more importantly) measureable digital ad campaign.”
Notably, the email chain promoting this controversial use of citizen information includes a link to a website posting by a security expert who details that security was an “afterthought” on the Obamacare website, that 70,000 Healthcare.gov records were easily viewable using Google, and that “the head of [Healthcare.gov’s] security that had to sign off on the security of the website during its launch wouldn’t, and was forced out the door…”
In January 2015, The Associated Press revealed that HHS was disclosing health and private information of Healthcare.gov users to advertisers:
The government’s health insurance website is quietly sending consumers’ personal data to private companies that specialize in advertising and analyzing Internet data for performance and marketing, The Associated Press has learned.
The scope of what is disclosed or how it might be used was not immediately clear, but it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer’s Internet address, which can identify a person’s name or address when combined with other information collected by sophisticated online marketing or advertising firms.
A few days prior to the AP report, which provoked bipartisan concern in Congress, CMS Administrator Marilyn Tavenner resigned after being accused of padding Obamacare enrollment numbers. According the New York Times:
Representative Darrell Issa, Republican of California and former chairman of the House Committee on Oversight and Government Reform, said Ms. Tavenner “had to go.” He said that she had “padded the Obamacare enrollment numbers” to make them look larger than they were.
Congressional investigators discovered in November that the administration had overstated enrollment by including about 400,000 dental insurance subscribers in the total of 7.1 million people with coverage purchased through the exchanges.
“The mistake we made is unacceptable,” Ms. Burwell said in a Twitter post at the time.
“It might concern most Americans that the Department of Homeland Security had secret involvement in Obamacare’s Healthcare.gov,” said Judicial Watch President Tom Fitton, “What private health information was shared with DHS by the Obama administration? And we now have new documents that show it was pressure from the Obama White House, desperate to boost enrollment in its unpopular government health care program that may have led to a mass breach of the privacy of innocent Americans.”