Insurance companies earn billions each year by selling you their services. And they have more data about you than you could ever expect. Based on this, insurers can make you pay more or even deny the service.

How Much Insurers Know?

Insurers gather as much data about us as possible. A part of it we share voluntarily (like, if they offer perks in exchange), everything else companies gather behind closed doors. They even use social media (such as Facebook or Twitter) to understand our behavior and risk profile better.

Unless you leave no traces online (which is almost impossible), there are all kinds of sources to extract more information about you. For instance, based on your shopping records companies can track if you smoke, how much alcohol you consume, your eating habits, and even what are you up to on weekends.  

Wearable devices (like smart watches) can already monitor what we eat, how we sleep, what is our blood pressure or heart-rate. And insurers are keen on using all of this. So keen – they’re eager to pay to get it!

UnitedHealthcare and Fitbit offer to pay users up to $1,500 in health-care credits for activities completed on their Fitbit Charge 2. Why would companies pay, right? There’s a very good reason for this.

fitbit

Trackers hold a lot of important information about your health. Don’t share it with anyone who asks (Photo credits: Andres Urena/Unsplash)

What Can They Do with Your Health Data

By analyzing the measurements of people who share their information, companies can make decisions about other people’s behavior. The more data there is, the better decisions the company can make.

We use more and more connected devices, plus, AI-driven technologies can analyze the data like never before. All of this paves the way to an entirely new era for insurers. Now they can boost rates or deny insurance purely according to the data they’ve collected.

For example, people who have a chronic illness (like asthma, sleep apnea, etc.), demonstrate specific behavior. If the company can build up enough information about it, in the future they can identify a medical condition just by looking at someone’s data.

If your insurance company has information on some preexisting condition (and there’s 1 in 2 chance that you have one), your rates can be higher, coverage denied, etc.

Moreover, the Internet of things (IoT) will only increase data collection. Because more connected devices > more personal information about you.

How Legal Is It?

Data brokers can buy, sell and trade medical records. Some companies specialize in gathering data, others are interested in buying it.

This is a multibillion-dollar business. For instance, IMS Health, which specialized in medical data trading, records $9-billion in revenue. Companies like Pfizer pay millions each year for the data that IMS Health has gathered.

Although legally the data must be kept anonymous – no names, addresses or Social Security numbers, data-mining companies have various methods to match what they have to an individual.

For example, last year, researchers from the University of Melbourne released a report proving they can identify individuals in government health care data which was published by the federal Department of Health as part of a move towards open data.

The data was supposed to be anonymous (patient ID numbers were removed), but the team of researchers could identify people within the same dataset.

Another example comes from Harvard University’s Data Privacy Lab and Bloomberg News. Using the database of hospital discharge records, they re-identified 35 people out of 81 cases.

This means sensitive private information (like mental health appointments or HIV treatments) could potentially be exposed at any time.

It Sees You When You’re Sleeping. It Knows When You’re Awake

Last spring, Tony Schmidt discovered that from his bedside CPAP machine was wiring the data to his health insurer. Schmidt suffers from sleep apnea – a condition which interrupts his breathing during sleep. Without CPAP he would have to be awaken tens of times during the night, and that, of course, would seriously impact his life.

An information technology specialist himself, Schmidt became suspicious about this privacy after he registered his new CPAP machine with ResMed (California-based medical equipment company). He opted out of receiving further information, but the next morning he got an email which said: “Congratulations! You’ve earned yourself a badge!” Schmidt realized that he’s being tracked.

One thing lead to another, and Schmidt found out that ResMed was allowed to share his data with doctors, insurers and supply companies. So his insurance company, Blue Cross Blue Shield, had it as well. After this, Schmidt went back to using his old machine, which had a removable data card.

What Schmidt discovered wasn’t new – insurers often track patients using CPAP. Companies claim to have legitimate intentions. For example, to track if patients use the machines as directed or advise doctors about the best treatments.

However, this raises some concerns. Why insurance companies don’t rely on doctors of the patients? Are they really the ones to judge?

ProPublica, which reported Schmidt’s story, also found out that companies use different methods to make patients bear the costs. Constant surveillance is one of them.


Health care data is not something you can change (like a password or a PIN code), be careful when sharing it with anyone. As we’ve shown, our data can go from hands to hands without you ever finding out. At least, don’t share it with insurance companies just for tempting perks.