Cooper Quintin, writing for the EFF:

EFF researchers have independently confirmed that healthcare.gov is sending personal health information to at least 14 third party domains, even if the user has enabled Do Not Track. […] Sending such personal information raises significant privacy concerns. A company like Doubleclick, for example, could match up the personal data provided by healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are.

I find it appalling that healthcare.gov sends any information to tracking websites at all. Why would an insurance marketplace send data to Optimizely, Doubleclick, and Google? You’d think $2 billion would have bought something a little better than this.