US healthcare marketplaces shared citizenship and race data with ad tech giants

https://techcrunch.com/2026/05/04/us-healthcare-marketplaces-shared-citizenship-and-race-data-with-ad-tech-giants/

119•ZeidJ•1h ago

Comments

ZeidJ•1h ago

Bloomberg Study: https://www.bloomberg.com/features/2026-healthcare-advertisi...

shevy-java•58m ago

The US citizens will have to fight down those corporate overlords. It is now really just shameful how they leech off of the common man (and common woman). People in democracies outside of the USA shake their head in sadness now. Even Canada is doing better here - don't tell anyone the crazy orange king, for he may begin to potty-mouth and threaten them with invasion again.

aksss•18m ago

corporate overlords? These are the state governments selling your data. The call is coming from inside the house. The sooner we realize that government is comprised of the same slithering slime of human greed and laziness, the more realistic discussions we can have.

josefritzishere•55m ago

How is this not a HIPAA violation?

dekhn•44m ago

HIPAA as a law is intended to ease transfer of medical information, not restrict it.

ux266478•38m ago

That's not true. It's intended to define a regulated and standard means of transferring medical information while ensuring confidentiality and patient privacy.

https://www.hhs.gov/hipaa/for-professionals/privacy/laws-reg...

You have to explicitly grant permission for your data to be sold. What's very likely is that either the healthcare provider or insurance company included a request for authorization to sell that data, and the authorization was signed without paying much attention to it.

dekhn•27m ago

You're referring to the privacy rule, which is only part of the law (and not its primary prupose). The original intent of the law was to ensure easy transfer of information to keep health coverage when changing jobs. The privacy rule was not even part of the original law, it was added by HHS 3 years later. See more details here: https://www.ncbi.nlm.nih.gov/books/NBK9576/

SirFatty•37m ago

"The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a US federal law designed to protect sensitive patient health information from disclosure without consent."

dekhn•29m ago

That's not really correct. It was designed for portability- the ability to move data between health care providers.

(I work in healthcare-adjacent and have met with many lawyers and had to explain them all about "HIPAA compliance"; my comment was not made from ignorance, but practical experience based on learning about how the law is used. There is a privacy rule in it, but that was not the real intent of the law. The intent was to make it easy to keep your health care when you moved between jobs.)

nickff•23m ago

Could you please cite the source for that quote? I looked for it, but couldn't find a source; it seems like an AI hallucination.

nickthegreek•20m ago

Why would you call it an hallucination because you cant find immediately locate the source? You didnt say what in the single sentence would make you jump to that conclusion.

I highlighted SirFatty's text, looked up on google and first result show it near verbatim on cdc.gov.

https://www.cdc.gov/phlp/php/resources/health-insurance-port...

dekhn•18m ago

Here's the original text of the bill's purpose; very little of the bill talks about privacy, and most of the rules around that are part of the HHS Privacy Rule.

To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.

aksss•22m ago

Narrator: "But it did neither."

Honestly, we're better off with it than without it, speaking as someone with exposure to that industry's internals. That act drives a lot of good security practice within the organizations (mostly liability shifting, but still good). Specifically, the fear it instills of ruinous penalties from regulators drives good practice adoption, IME.

Further, multiple crappy patient portals across providers is a crummy experience, but it's an improvement over the world where providers held the data hostage and had zero interest in accommodating your requests for it, or even the idea that you owned it.

ButlerianJihad•3m ago

The second “P” in HIPAA stands for “Privacy”

dekhn•2m ago

I wonder if that's why so many people write it as HIPPA.

SoftTalker•23m ago

HIPAA applies to healthcare professionals and providers, not ad tech companies. And race and citizenship are not personal health-related data.

wewtyflakes•54m ago

It should be illegal to send the data, and illegal to accept it; burn both sides of that bridge.

Eddy_Viscosity2•26m ago

Why would politicians ever pass such a law? Who do you think they work for?

post-it•17m ago

What's the point of this kind of comment? Have pro-citizen anti-corporate laws never been passed in the past?

wilg•15m ago

The point of the comment is to spread toxic and deadly cynicism.

traderj0e•13m ago

If you never trust anyone at all, nobody will take advantage of you, instead you'll fool yourself.

wat10000•17m ago

Ideally because we'd vote in politicians who would do it, and vote out those who didn't.

nomorewords•11m ago

Is that even possible in the US anymore with donations and corporate backing being so important to a campaign?

applfanboysbgon•9m ago

I don't believe donations or corporate backing had anything to do with Trump, for example, winning. Trump won because he genuinely appeals to the average voting American. American voters are willingly choosing to support these politicians and all of the consequences that entails.

dgellow•6m ago

For the president election, maybe, but without corporate backing of the GOP he would have to face an adversarial congress. Or at least, that’s the hope

fn-mote•5m ago

You can believe the latter but the former ignores everything we know about the effectiveness of advertising.

And also about the targeting of swing districts.

applfanboysbgon•14m ago

They work for the people. In some countries, people actually vote for politicians that benefit the population. In other countries, people repeatedly vote for politicians despite knowing that those politicians are only interested in enriching themselves, with a track record going back decades of doing nothing but that. The problem, then, is the voters in certain countries, not the politicians.

dexterdog•2m ago

And in some countries people are only given a choice of two, neither of which benefit the population.

bell-cot•26m ago

I wouldn't be surprised if both are illegal. But these days, the correlation between "X is illegal" and "larger org's do not do X" just ain't what it yousta be.

idle_zealot•8m ago

My understanding is that it's legal with opt-in, but the opt-in is allowed to be confusing, opaque, and sticky, so most people "consent" without informed consideration. We really need to revisit contract law in a modern context. Call me crazy but I don't think it's reasonable that our society operates in such a way that easily 90+% of people are subject to contract terms they signed but don't know or understand.

goda90•14m ago

Every piece of data collected should be an opt-in both for the initial collection and any sharing to a third party. There should be an explanation for why it is collected and an explanation for what features are not possible if it is not collected. It should be a violation of the law to disable a feature based on failure to opt-in for data points that aren't absolutely necessary for the operation of that feature.

traderj0e•12m ago

At least make it an explicitly protected right to lie about your race in any context

mistrial9•37m ago

anecdata - in Berkeley CA, in the late 2010s, two individuals showed up to be in the fast-paced AD scene. One was from a former Soviet Union country, who spoke English pretty well .. and the other a woman from Columbia .. to say that both of these two were "aggressive" is an understatement. He spoke English, she was in charge of "security" .. after a very few meetups, they both formed a company for "Ad tech for Hospitals" .. it was "heavy security" they said, and therefore did not discuss any details in public. They very obviously would do "aggressive" actions to get into the business, defeat competitors, and satisfy ..clients? Who were they satisfying with the cultural norms, constantly aggressive stance, move fast and break things approach? Every single person involved had the motivation of Big Money, Now.

oarla•31m ago

Relevance?

levocardia•22m ago

The actual "sharing" was using the Meta pixel and TikTok's equivalent, presumably so the healthcare exchanges could do retargeting or similarity-based marketing to get people to sign up for health care coverage. Which, narrowly, seems like a reasonable thing to do. But of course using the pixel automatically "shares" the data with Meta/ByteDance/whoever, and they get to use it for whatever nefarious purpose they want.

fusslo•12m ago

> Nearly all of the 20 state-run health insurance exchanges in the US have added advertising trackers that transmit user activity

...why?

> State officials say they embed this technology on the exchanges to measure marketing campaigns and to advertise to people who visit their sites

What an absurdist reality we live in

> Tara Lee, a spokesperson for the Washington state exchange, said the tracker on the site was used for advertising campaigns, adding that email, phone and country identifiers were shared with TikTok.

https://www.bloomberg.com/features/2026-healthcare-advertisi...

Personally, I feel local government should not be engaging these services in this way. I don't feel that it's a wise use and that our government employees should be more protective of the public who use their services.

lava_pidgeon•7m ago

Cookie Banner isn't such a bad idea now

downbad_•6m ago

The richest tech companies and richest men in the world got rich by invading people's privacy and selling invasive ads.

TehCorwiz•3m ago

> The richest tech companies and richest men in the world got rich by invading people's privacy and ~selling invasive ads.~

I think you mean "manipulating content algorithms to favor their viewpoints and to target individuals for maximum effect."

tantalor•3m ago

> whether they provided details about whether they have incarcerated family members

Okay. That's not much of a signal, is it? This is "metadata" level of detail.

Unfortunately, Sprites Now Speak MCP

Sweden and France Held a Meeting in the Nuclear Steering Group in Paris

The last days of Butter Ridge

Perturb-MARS: Reading mouse experiments through a human lens

'Beauty of the Beasts' Review: The Gross and the Grimy

Show HN: Manhwa, Manga, Anime tracker/catalogue – Manishelf

Our evaluation of OpenAI's GPT-5.5 cyber capabilities

Show HN: Woodglue - Self-documenting API/Data async server

Show HN: NoReporter – AI-only newsroom, $1/year

Burnless – open protocol that cut my API bill 16x on my heaviest dev day

Christopher Hitchens: Iran's waiting game (2011)

Two worlds collide: the regulatory battlefield hanging over EU-China ties

Musk wanted to settle with OpenAI just days before their courtroom showdown

Google Is a Full Stack AI Player, and Is Playing Well

The AI rush is hitting a bottleneck

Tinventory: The most extensive (tinned) fish database

Google broke Play's in-app review library and hasn't fixed it for a week

The Static Dynamic JVM – A Many Layered Dive [video]

A Cloud Dos Brasileiros

The Tragedy of Gethostbyname

The Steam Controller sold out in 30 minutes

LLVM: Add support for poison-generating/UB-implying annotations

Long Lake agrees to acquire Amex GBT in AI bet

The Biggest Animal Migration–and Few Outsiders Have Seen It

Agents Are Thinking: A tiny project exploring text based thinking animations

Don't prepone it – do the needful. 10 Indianisms we should all be using

What I Got Wrong Implementing Graph-Based Vector Search

Microsoft Edge stores all passwords in memory in clear text, even when unused

Robot-mediated haptic feedback outperforms vision in violin duo coordination

Amazon Web Services' plan to make networking disappear