WASHINGTON — The Trump administration will launch a new program that will allow Americans to share personal health data and medical records across health systems and apps run by private tech companies, promising that will make it easier to access health records and .
More than 60 companies — including major tech companies like Google, Amazon and Apple, as well as health care giants like UnitedHealth Group and CVS Health — agreed to share patient data in the system. The initiative will focus on diabetes and weight management, that helps patients, and digital tools such as QR codes and apps that register patients for check-ins or track medications.
People are also reading…
"For decades America's health care networks have been overdue for a high tech upgrade," President said Wednesday at a White House event with company CEOs to announce the new system. "The existing systems are often slow, costly and incompatible with one another, but with today's announcement, we take a major step to bring health care into the digital age."
President Donald Trump waves Wednesday at an event to promote his proposal to improve Americans' access to their medical records in the East Room of the White House in Washington. From left, Health and Human Services Secretary Robert F. Kennedy Jr., Centers for Medicare & Medicaid Services administrator Dr. Mehmet Oz and Amy Gleason, acting administrator of the U.S. Department of Government Efficiency, look on.
The system, spearheaded by an administration that already freely shared highly personal data about Americans in ways that , could put patients' desires for more convenience at their doctor's office on a collision course with their expectations that their medical information be kept private.
"There are enormous ethical and legal concerns," said Lawrence Gostin, a Georgetown University law professor who specializes in public health. "Patients across America should be very worried that their medical records are going to be used in ways that harm them and their families."
Officials at the Centers for Medicare and Medicaid Services, who will be in charge of maintaining the system, said patients will need to opt in for the sharing of their medical records and data, which will be kept secure.
Those officials said patients will benefit from a system that lets them quickly call up their own records without the hallmark difficulties, such as requiring the use of fax machines to share documents, that prevented them from doing so in the past.
"We're going to have remarkable advances in how consumers can use their own records," Dr. , who leads the Centers for Medicare and Medicaid Services, said during the White House event.
Centers for Medicare & Medicaid Services administrator Dr. Mehmet Oz speaks at Wednesday's event.
Popular weight loss and fitness subscription service Noom, which signed on to the initiative, will be able to pull medical records after the system's expected launch early next year.
That might include labs or medical tests that the app could use to develop an AI-driven analysis of what might help users lose weight, CEO Geoff Cook said. Apps and health systems also will have access to their competitors' information, too. Noom would be able to access a person's data from Apple Health, for example.
"Right now you have a lot of siloed data," Cook said.
Patients who travel across the country for treatment at the Cleveland Clinic often have a hard time obtaining all their medical records from various providers, said the hospital system's CEO, Dr. Tomislav Mihaljevic. He said the new system would eliminate that barrier, which sometimes delays treatment or prevents doctors from making an accurate diagnosis because they do not have a full view of a patient's medical history.
Having seamless access to health app data, such as what patients are eating or how much they are exercising, also will help doctors manage obesity and other chronic diseases, Mihaljevic said.
"These apps give us insight about what's happening with the patient's health outside of the physician's office," he said.
CMS also will recommend a list of apps on that are designed to help people manage chronic diseases, as well as help them select health care providers and insurance plans.
Trump looks past Oz as Gleason speaks Wednesday at the event.
Digital privacy advocates are skeptical that patients will be able to count on their data being stored securely.
The federal government has done little to regulate health apps or telehealth programs, said Jeffrey Chester at the Center for Digital Democracy.
Health and Human Services Secretary Robert F. Kennedy Jr. and those within his circle pushed for more technology in health care, advocating for wearable devices that monitor wellness and telehealth.
Kennedy also sought to collect more data from , which he previously said he wants to use to study autism and vaccine safety. Kennedy filled the agency with staffers who have a history of working at or running health technology .
Kennedy and Oz arrive Wednesday at the White House event.
CMS already has troves of information on more than 140 million Americans who enroll in Medicare and Medicaid. The federal agency recently agreed to hand over its massive database, including home addresses, to deportation officials.
The new initiative would deepen the pool of information on patients for the federal government and tech companies. Medical records typically contain far more sensitive information, such as doctors' notes about conversations with patients and substance abuse or mental health history.
"This scheme is an open door for the further use and monetization of sensitive and personal health information," Chester said.
The Trump administration tried to launch a in 2018 that did not get finalized during his first term and did not have buy in from major tech companies.
How one state sent residents' personal health data to LinkedIn
How one state sent residents' personal health data to LinkedIn
The website that lets Californians shop for health insurance under the Affordable Care Act, , has been sending sensitive data to LinkedIn, forensic testing by has revealed.
As visitors filled out forms on the website, trackers on the same pages told LinkedIn their answers to questions about whether they were blind, pregnant, or used a high number of prescription medications. The trackers also monitored whether the visitors said they were transgender or possible victims of domestic abuse.
Covered California, the organization that operates the website, removed the trackers as The Markup and CalMatters reported this article. The organization said they were removed "due to a marketing agency transition" in early April.
In a statement, Kelly Donohue, a spokesperson for the agency, confirmed that data was sent to LinkedIn as part of an advertising campaign. Since being informed of the tracking, "all active advertising-related tags across our website have been turned off out of an abundance of caution," she added.
"Covered California has initiated a review of our websites and information security and privacy protocols to ensure that no analytics tools are impermissibly sharing sensitive consumer information," Donohue said, adding that they would "share additional findings as they become available, taking any necessary steps to safeguard the security and privacy of consumer data."
Visitors who filled out health information on the site may have had their data tracked for more than a year, according to Donohue, who said the LinkedIn campaign began in February 2024.
The Markup observed the trackers directly in February and March of this year. It confirmed most ad trackers, including the Meta "pixel" tracker, as well as all third-party cookies, have been removed from the site as of April 21.
Since 2014, more than 50 million Americans have for health insurance through state exchanges like Covered California. They were set up under the , signed into law by President Barack Obama 15 years ago. States can either operate their exchange websites in partnership with the federal government or independently, .
Covered California operates as an independent entity within the state government. Its is appointed by the governor and Legislature.
In March, that, after four years of increasing enrollment, a record of nearly 2 million people were covered by health insurance through the program. In all, the organization said, about one in six Californians were at one point enrolled through Covered California. Between 2014 and 2023, the uninsured rate fell from 17.2% to 6.4%, according to the organization, the largest drop of any state during that time period. This expansions to , the state's health insurance program for lower-income households.
Experts expressed alarm at the idea that those millions of people could have had sensitive health data sent to a private company without their knowledge or consent. Sara Geoghegan, senior counsel at the Electronic Privacy Information Center, said it was "concerning and invasive" for a health insurance website to be sending data that was "wholly irrelevant" to the uses of a for-profit company like LinkedIn.
"It's unfortunate," she said, "because people don't expect that their health information will be collected and used in this way."
The LinkedIn Insight Tag
The Markup and CalMatters in recent months scanned for trackers on hundreds of California state and county government websites that offer services for undocumented immigrants using , an automated tool developed by The Markup for auditing website trackers.
The Markup found that Covered California had more than 60 trackers on its site. Out of more than 200 of the government sites, the average number of trackers on the sites was three. Covered California had dozens more than any other website we examined.
On , trackers from well-known social media firms like Meta collected information on visitor page views, while lesser-known analytics and media campaign companies like email marketing company LiveIntent also followed users across the site.
But by far the most sensitive information was transmitted to LinkedIn.
While some of the data sent to LinkedIn was relatively innocuous, such as what pages were visited, Covered California also sent the company detailed information when visitors selected doctors to see if they were covered by a plan, including their specialization. The site also told LinkedIn if someone searched for a specific hospital.
In addition to demographic information including gender, the site also shared details with LinkedIn when visitors selected their ethnicity and marital status, and when they told how often they saw doctors for surgery or outpatient treatment.
LinkedIn, like other large social media firms, offers a way for websites to easily transmit data on their visitors through a tracking tool that the sites can place on their pages. In LinkedIn's case, this . By using the tag, businesses and other organizations can on LinkedIn to consumers that have already shown interest in their products or services. For an e-commerce site, a tracker on a page might be able to note when someone added a product to their cart, and the business can then send ads for that product to the same person on their social media feeds.
A health care marketplace like Covered California might use the trackers to reach a group of people who might be interested in a reminder of a deadline for open health insurance enrollment, for example.
In its statement, Covered California noted the usefulness of these tools, saying the organization "leverages LinkedIn's advertising platform tools to understand consumer behavior and deliver tailored messages to help them make informed decisions about their health care options."
Trackers can also be valuable to the social media companies that offer them. In addition to driving ad sales, they provide an opportunity to gather information on visitors to websites other than their own.
On about the Insight Tag, LinkedIn places the burden on websites that employ the tag not to use it in risky situations. The tag "should not be installed on web pages that collect or contain Sensitive Data," the page advises, including "pages offering specific health-related or financial services or products to consumers."
LinkedIn spokesperson Brionna Ruff said in an emailed statement, "Our Ads Agreement and documentation expressly prohibit customers from installing the Insight Tag on web pages that collect or contain sensitive data, including pages offering health-related services. We don't allow advertisers to target ads based on sensitive data or categories."
Legal recourse
Collection of sensitive information by social media trackers has in previous instances led to removal of the trackers, lawsuits, and scrutiny by state and federal lawmakers.
For example, after The Markup in 2022 when students applied for college financial aid online, the department turned off the sharing, faced from two members of Congress, and was who sought more information about the sharing. Other stories in the same , also led to changes and blowback, including a on telehealth companies transmitting personal information to companies including Meta and Google without user consent and proposed class action lawsuits over information shared through trackers with , and .
LinkedIn is already facing multiple proposed class-action lawsuits related to the collection of medical information. In October, that LinkedIn violated users' privacy by collecting information on medical appointment sites, including for a fertility clinic.Ìý
Social media companies' tracking practices have underpinned the tremendous growth of the tech industry, but few web users are aware of how far the tracking goes. "This absolutely contradicts the expectation of the average consumer," Geoghegan said.Ìý
In California, a law called the California Confidentiality of Medical Information Act governs the privacy of medical information in the state. Under the act, consumers must give permission to some organizations before their medical information is disclosed to third parties. Companies have faced litigation under the law for using web tracking technologies, although those suits have .Ìý
Geoghegan said current protections like these don't go far enough in helping consumers protect their sensitive data.Ìý
"This is an exact example of why we need better protections," she said of LinkedIn receiving the data. "This is sensitive health information that consumers expect to be protected and a lack of regulations is failing us."
was produced by and reviewed and distributed by Stacker.
