It’s easier than ever to put health data on the Internet. Fitness trackers, health apps and other connected devices can give people a lot of insight into their health. Unfortunately, that’s not the only way that their health data ends up getting used. Health insurance companies are particularly interested in getting their hands on all of the data they possibly can about people. They end up adjusting their risk pools based on the added insight, as well as looking at individual subscribers and choosing to increase their rates or possibly deny service entirely based on it.
Insurers are in the Business of Data
The entire business model of health insurance revolves around data. They use information to establish risk pools to determine which medical conditions and characteristics result in more claims or higher claims. Because of this, they try to gather as much information as possible about the population on a group and individual level.
Where Do Insurers Get Health Data
Insurers can get health data from multiple sources, some of which are freely offered up, and others that are purchased through third-parties or gathered from publicly available online sources.
First-party data is the information that the health insurance company has access to and generates directly. They have information about the claims filed through their company, data from the partnering medical providers and other records. The sheer amount of information that an insurer handles on a daily basis is overwhelming to think about, and it’s only going to expand as more ways of generating health information become possible.
Some health insurance companies offer incentives for people to provide additional information about themselves. This process could involve entering in activity levels, going to get an annual physical, and disclosing information on smoking, drinking and substance use. Since the subscriber is providing this information directly to the insurance company, it’s considered part of their first-party data.
Social media profiles can show a lot of health information, even when a person doesn’t mean to. If they’re engaging in high-risk activities, such as extreme sports, or they go into detail about their health conditions and other issues, the insurer would be able to see this information if the profile isn’t locked down. Of course, given data privacy concerns from many social networks, even a private account could still be at risk of having that information sold or otherwise misused.
Another unexpected source of health information is shopping records. If someone is buying cigarettes, cigars, or pipe tobacco online, it’s a strong indication that they have a smoking habit. The same goes for ordering alcohol. Medical devices that indicate pre-existing conditions could also show up on these records, which could become problematic when it comes to making insurance claims in the future.
Fitness trackers and other wearable devices are able to track sleep patterns, heart rates and other information about the person. They may also share their height, weight, diet and habit data with these services.
Many third-party companies have databases available with information that’s relevant to health information or that the insurance company can use to add more context to the data they already have. This data is not always sold with the consent of the user that it’s collected from.
Connected Medical Devices
More medical devices are able to connect to the Internet, which means that there are more opportunities for this health data to end up in the hands of people other than a doctor or another authorized party. CPAP machines are a commonly impacted device in this situation. Read more about that in this article.
What Health Insurance Companies Can Do With This Data
AI-technology helps health insurance companies derive actionable insights from this information. In some cases, that can be beneficial to healthcare overall when it comes to predicting whether someone is at more risk for developing a certain type of medical condition and being able to recommend preventative healthcare in advance of that. Unfortunately, where it’s likely to come into play for health insurance companies is whether they will raise someone’s rates or deny them coverage based on the likelihood of developing expensive health conditions, even if they don’t currently have them, or declaring something a pre-existing condition.
What Happens If Health Data Is Stolen?
The healthcare industry is one of the most common targets for hackers, due to how valuable their data is. When the insurance company is pulling together all of this information without someone’s knowledge or consent, they are putting it at risk of being stolen if they’re ever subject to an attack that accesses their databases.
A few ways that a subscriber gets affected in the event of stolen health data includes:
- Someone using the person’s insurance information for their own healthcare
- Incorrect information resulting in the denial of important care
- Identity theft in other areas
- An unauthorized party maxing out a benefit limit
How to Respond To Stolen Health Data
People have a few ways to react in a way that prevents further data from being stolen and to protect themselves against the negative consequences of this situation. The first step is to get all current medical records and keep a close eye on them to see whether unexplained or unexpected claims show up. Do the same for credit reports in case they also use this information for identity theft. Freeze the credit reports so they’re unable to open up accounts in that name, as they could try to get a Care Credit account at a healthcare provider or a similar medical account.
Let the insurance company and medical providers involved know if anything unusual appears during this time frame. Stay on top of reporting this information.
It’s difficult to keep health data safe when health insurance providers are collecting it from so many sources. It’s impossible for the typical layperson to know how much of their information is out there and how it’s being used. However, they’re the ones bearing the most risk in the event of a data breach. Protecting online activities by using an encrypted virtual private network service, locking down social media accounts, and limiting the health information shared online are all good steps going forward.