WASHINGTON (AP) — Bowing to privacy concerns, the Obama administration reversed itself Friday, scaling back the release of consumers' personal information from the government's health insurance website to private companies with a commercial interest in the data.

The administration made the changes to HealthCare.gov after The Associated Press reported earlier this week that the website was quietly sending consumers' personal data to companies that specialize in advertising and analyzing Internet data for performance and marketing.

The personal details included age, income, ZIP code, tobacco use and whether a woman is pregnant.

That prompted lawmakers to demand an explanation, while privacy advocates called on the administration to make changes.

Analysis of the website Friday by the AP showed that the administration had made changes to reduce the outbound flow of personal information. Before that, the website was explicitly sending personal data to third-party sites.

The site is used by millions to sign up for coverage under the health care law, or to merely browse for insurance plans in their communities.

The changes were confirmed by Cooper Quintin, a staff technologist with the Electronic Frontier Foundation, a civil liberties group. Quintin called it "a great first step," but said the administration needs to do more.

An administration spokesman did not respond to a request for comment on Friday.

Officials of the Health and Human Services Department had at first defended their information-sharing practices, saying the outside companies only used the data to analyze the workings of HealthCare.gov and make improvements to the website that benefit consumers. There is no evidence that consumers' personal information was misused, they said.

Created under President Barack Obama's health care law, HealthCare.gov is the online gateway to government-subsidized private insurance for people who lack coverage on the job. It serves 37 states, while the remaining states operate their own insurance markets. The privacy issue surfaced just as the president was calling for stronger Internet safeguards for consumers.

Sens. Orrin Hatch, R-Utah, and Charles Grassley, R-Iowa, called it "extremely concerning" for consumers. Grassley said Friday it's still unclear how consumers' information is being used.

"People using HealthCare.gov should have the confidence that their information is secure and not being used for sales pitches by outside firms," he said in a statement.

Third-party outfits that track website performance are a standard part of e-commerce. It's a lucrative business, helping Google, Facebook and others tailor ads to customers' interests. Because your computer and mobile devices can be assigned an individual signature, profiles of Internet users can be pieced together, generating lists that have commercial value.

Third-party sites embedded on HealthCare.gov can't see your name, birth date or Social Security number. But they may be able to correlate the fact that your computer accessed the government website with your other Internet activities.

Have you been researching a chronic illness like coronary artery blockage? Do you shop online for smoking-cessation aids? Are you investigating genetic markers for a certain type of breast cancer? Are you seeking help for financial problems, or for an addiction?

Google told the AP this week it doesn't allow its systems to target ads based on medical information.

HealthCare.gov's privacy policy says in boldface type that no "personally identifiable information" is collected by these Web measurement tools. That is a term defined in government regulations, but other personal details were being allowed through.

Privacy advocates say the administration still needs to do more. The mere presence of connections to private companies on the website —even if they don't explicitly receive personal data— should be examined because of their ability to reveal sensitive information about a user.

Quintin, the tech expert with the Electronic Frontier Foundation, said the health site should disable third-party tracking services for people who enable the "do not track" feature on their web browsers.

"HealthCare.gov should meet good privacy standards for all its users," he said.

The administration is aiming to have more than 9 million people signed up by Feb. 15, the last day of open enrollment. Many consumers wait until the last minute to sign up.

HealthCare.gov was crippled by serious technical problems when it made its debut in the fall of 2013. This year the website has worked much better, a marked contrast. But the privacy issues were a reminder that the site remains a work in progress, like the underlying law.