Your Health Insurance Website May Be Sharing Your Data With TikTok and Facebook

A recent Bloomberg News investigation examined thousands of pages across nearly all 20 state-run health insurance websites. Researchers found that most of them have tracking software embedded in their pages — the kind of software that watches what you do online and reports it back to companies like Meta, TikTok, Google, and Snapchat.

The problem: some of this information being shared is sensitive. Washington state's health exchange sent details about applicants' sex and citizenship to TikTok. Other states sent race and income information. Many of these websites explicitly promise users that they won't share personal details with outside companies. They are doing it anyway.

Why This Matters

These tracking tools work like store security cameras that follow your movement through a website, noting what you click on, what you type, and what pages you visit. That is normal for shopping websites — but your health insurance enrollment process is different. It necessarily includes answers to questions about your income, your family status, whether you are pregnant, and other deeply personal details.

The big technology platforms that receive this data have their own rules against accepting health information through their tracking systems. TikTok and Snapchat specifically say they do not want information embedded in web addresses or form fields — yet that is exactly where this health data ended up.

Both Washington and Virginia removed some of their trackers after Bloomberg contacted them. This suggests the tracking was installed without anyone carefully checking what data would actually flow through it.

What Went Wrong

State health insurance websites have a problem that is harder to solve than it sounds. They need to use modern web tools to track whether people are actually signing up — just like any business website does. But they are handling sensitive personal information that should be kept more protected.

This is not the first time government has faced this kind of problem. When the federal government launched HealthCare.gov in 2013, officials rushed to get the site working. They moved faster than they checked security, and it caused significant problems. Similar issues are happening now on the state level, though for different reasons.

The real issue comes down to how modern web tracking works. When you fill out a form on a website, the tracking code can grab whatever information is sitting in that form — your address, your age, your job title. State exchanges probably added these trackers to measure whether people were actually completing enrollment, a standard business practice. The problem is that these tracking tools were designed for regular websites, not ones that handle sensitive health data.

Looking Forward

As more healthcare moves online and states try to sign people up more effectively using digital marketing, this tension will keep causing problems unless something changes. Government agencies need better tools and guidelines for protecting sensitive data while still using modern website technology.

The immediate solution is straightforward: remove the trackers or set them up so they cannot pick up personal details. The harder part is figuring out how to do what these websites are supposed to do — help people enroll in insurance and track whether the sites are working — without accidentally handing private information to advertising companies in the process.