The Obamacare website is sending users’ data to “private companies that specialize in advertising and analyzing Internet data for performance and marketing,” according to the Associated Press.

The Obama administration insists the release of the personal data is to “help improve the consumer experience.”

Some of the information that can be collected includes age, income, ZIP code, whether the person smokes, and if the person is pregnant.

doctor-obama

The user’s computer IP address can also be captured, allowing it to be matched with “information collected by sophisticated online marketing or advertising firms.”

The AP reports “connections to dozens of third-party tech firms were documented by technology experts who analyzed HealthCare.gov and then confirmed” by the news agency.

It’s unclear how the private companies are going to utilize the highly specific information or what oversight the Obama administration has.

“This new information is extremely concerning, not only because it violates the privacy of millions of Americans, but because it may potentially compromise their security,” Sens. Orrin Hatch and Charles Grassley say in a letter to the administration.

“You don’t need all of that data to do customer service,” says Theresa Payton, who was a White House chief information officer during the George W. Bush administration.

“We know hackers are just waiting at the door, salivating to get at this data.”

The disclosure comes at a particularly ironic time when Obama is pledging to boost cyber security.

“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism,” the president said during the State of the Union address.

Among other things, Obama wants to create a new “federal mandate for hacked companies to disclose breaches to customers within 30 days of discovering the hack,” according to NBC News.

But what if they’re just willingly giving personal information away? And it’s the government, not a private company?

The AP reports, “Third-party sites embedded on HealthCare.gov can’t see your name, birth date or Social Security number. But they may be able to correlate the fact that your computer accessed the government website with your other Internet activities.”

“I think that this could erode … confidentiality when dealing with medical data and medical information,” Cooper Quintin, a staff technologist with the Electronic Frontier Foundation, tells the news service.