On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, that likely included protected health information. Google may have used this data to conduct focused ad campaigns back to those individual members.
Blue Shield severed the connection between Google Analytics and Google Ads on its websites in January 2024.
What information was involved
- Insurance plan name, type and group number;
- city;
- zip code;
- gender;
- family size;
- Blue Shield assigned identifiers for members’ online accounts;
- medical claim service date and service provider, patient name, and patient financial responsibility;
- “Find a Doctor” search criteria and results (location, plan name and type, provider name and type).
That’s a huge HIPAA violation. Can’t wait to see them get a slap on the wrist.
In theory there would be large fines for every violation, of which there would be millions in this case
These people kill low quality domestic slaves for sports and profit…
They are above the law and selling your data is a nice revenue stream
What you gonna do about it? Switch your insurance?
I’ll be holding my breath.
Arguably the only potential PHI is the association between provider names and individuals, but with the current clown show running HHS, I’m not going to hold my breath and wait for accountability here.
Call an ambulance!!!
What are these supposed benefits they speak of? Allowing Google access for what end?
The analytics would be for the web development team to see which pages/features are used. Usually a product manager uses that data for setting priorities on what gets worked on.
It’s quite possible to self host this stuff.
As a web developer that blocks all this shit, that’s the line I always use. I would just use first-party analytics from the same domain the website is hosted from. The added bonus is that people like me wouldn’t even be able to block it without blocking the entire website (at least with DNS).
SHUSH! 😄 We trying to burn this whole thing to the ground! Don’t come here with all that sense making talk! 🤣 /s
But you can do all that without selling out your users to third parties.
“Better” ads most likely, aka more personalized.
edit:
Google may have used this data to conduct focused ad campaigns back to those individual members.
That’s their exact language
Allowing Google to run an ad campaign targeting their members wasn’t the benefit Blue Cross was talking about, that’s a side effect from them not turning off the data sharing option in the Google analytics settings.
The analytics data is used for prioritizing development work. If a tool they have on the website relies on a library that isn’t compatible with a new version of React, for instance, do they know how many people use it? Having analytics allows you to decide what’s worth spending the development time to maintain.
Google Analytics gives you insights on what pages people visit, how long they spend, what kind of browsers and devices they use. That can give them data on what pages are important to customers and what screen sizes to support
I’d rather they self host this data vs use Google Analytics, but there are benefits.
It goes further than that. They can track how people interact with the page, order of buttons pressed, if or when they abort a workflow etc. You can go as deep down the rabbit hole of analytics and optimizations as you want.
Dear Blue Shield members: what improvements in “”“services”“” from Blue Shield have you seen?
I ain’t seen shit. Premiums continually go up doe
Jail those involved.
I’m serious, jail them. This is again corpos making millions from us plebs and then they’ll get a fine that is a fraction of what they made and since they don’t pay taxes anyway, it’s still nothing.
Jail them
Find out who was in charge and either that person can show evidence that it was someone else without their knowledge or YOU JAIL THEM. Both at Google and at that torture company blue shield
Jail them! Jail them now. Jail them for years, at least.
Paul Markovich is president and CEO of Blue Shield of California
I saw an ad for Amazon telehealth a couple of weeks ago. I’m not digging the times we’re in. I also hope we don’t look back on this time with nostalgia.
After the nuclear winter, we will look back on these times with nostalgia.
“Yes, the planet got destroyed. But for a beautiful moment in time we created a lot of value for shareholders”
Fuck google, fuck blue shield!
Here’s a good reason why you should run an ad blocker. Block the Google Analytics script from loading entirely.
This is why you always block ads and trackers. It never pays to worry about revenue of “poor sites”
Infuriating
This is why I’m such a cunt about blocking this stuff at the DNS and/or IP level. Google Analytics is essentially everywhere including IRS web pages with your Social Security number in the DOM.
But HIPaA 🤡
Love seeing normies cite some law without understanding how the regime actually operates on practice.
Useful fucking idiots
