A Medicaid dataset that federal health officials were not authorized to hand over reached Immigration and Customs Enforcement in January, and from there went to Palantir Technologies, the private contractor that builds software agents use to find people for deportation. The transfer is described in federal court filings reported this week by LAist and NPR.

The disclosure is the latest in a series of acknowledged breaches of the limits a federal judge placed on what health data immigration authorities may see, and it lands in a state where a large share of the people in those records live.

What was shared

The records came from the Centers for Medicare and Medicaid Services. According to the filings, CMS improperly shared a dataset covering millions of people on January 7, and the data included U.S. citizens and people in the country lawfully, two groups the court had placed outside the arrangement. A separate instance involved refugee data from Minnesota that also included citizens. CMS later inadvertently reshared the January dataset while attempting to transfer records from states that are not parties to the litigation.

The constraint being tested comes from U.S. District Judge Vince Chhabria, who ruled in December that CMS could share a narrow set of Medicaid details with ICE, including addresses, dates of birth and immigration status, and only for specific categories of noncitizens. In May, after CMS conceded it had exceeded that authorization, Chhabria temporarily paused the data sharing. A hearing set for August is meant to settle which noncitizens' records may lawfully be transferred at all.

Palantir and the ELITE app

Palantir's involvement is what gives the breach its practical edge. The company operates an application called ELITE, used by ICE agents, that displays addresses of noncitizens who may be subject to deportation. A dataset that should never have left CMS therefore reached the pipeline feeding an enforcement targeting tool.

Palantir said the dataset in question had been purged. The government's account of the cleanup has shifted: an ICE official, Alberto Briseno, stated that personnel deleted the files once the problem was discovered, but it later emerged that roughly half a dozen users still had copies of the January 7 dataset. California deputy attorney general Anna Rich filed a declaration citing discovery materials that show ICE personnel asking Palantir to delete files over a Microsoft Teams chat.

The Department of Homeland Security did not immediately return a request for comment.

The states' objection

Democratic attorneys general, with California among the states pressing the case, filed a motion opposing any expansion of ICE's access. Their argument is less about any single transfer than about the pattern. "Each successive revelation of a violation," they wrote, "makes it more difficult" to have confidence that the data can be kept within the bounds the court set.

The federal government's position throughout the litigation has been that immigration enforcement is a lawful use of records the government already holds, and that the errors have been administrative rather than deliberate. Chhabria's December ruling accepted part of that premise: he allowed some sharing rather than barring it outright. What the filings now document is that even the narrowed permission proved difficult to keep to.

Why it matters here

Medi-Cal, California's Medicaid program, enrolls a larger population than any other state's, and Los Angeles County accounts for a substantial share of it. Enrollment records are collected for a single purpose, which is to administer health coverage. Their use for immigration enforcement is the change at the center of the case, and the concern raised by health advocates is a straightforward one: if applying for coverage carries an enforcement risk, some eligible people will not apply.

Whether the August hearing narrows ICE's access further, or formalizes it, will determine how much of that concern is borne out.