On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics was configured in a way that allowed certain member data to be shared with Google’s advertising product, Google Ads, that likely included protected health information. Google may have used this data to conduct focused ad campaigns back to those individual members.
Blue Shield severed the connection between Google Analytics and Google Ads on its websites in January 2024.
What information was involved
- Insurance plan name, type and group number;
- city;
- zip code;
- gender;
- family size;
- Blue Shield assigned identifiers for members’ online accounts;
- medical claim service date and service provider, patient name, and patient financial responsibility;
- “Find a Doctor” search criteria and results (location, plan name and type, provider name and type).
Google Analytics gives you insights on what pages people visit, how long they spend, what kind of browsers and devices they use. That can give them data on what pages are important to customers and what screen sizes to support
I’d rather they self host this data vs use Google Analytics, but there are benefits.
It goes further than that. They can track how people interact with the page, order of buttons pressed, if or when they abort a workflow etc. You can go as deep down the rabbit hole of analytics and optimizations as you want.