HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Poll Shows Consumers Unaware of the Extent Health Insurers Gather and Use Consumer-Generated Data

Health insurers are collecting online data about consumers and using the information to predict an individual’s likely healthcare costs. Consumer-generated data are collected and used to create profiles, which could be used to determine appropriate premiums.

Consumer-generated data is distinct from protected health information (PHI) and relates to an individual’s lifestyle, interests and behavior and come from many different public and private sources. Health insurers may scour online sources for information or obtain data from data brokers. Some data brokers are actively marketing their data to insurers and claim the information includes social determinants of health, such as online shopping habits, memberships to organizations, TV streaming habits, and information posted to social media networks. Data are amalgamated and algorithms can be used to predict the likely cost of providing insurance.

The collection and analysis of consumer-generated data by health insurers and their business associates was highlighted by ProPublica in 2018, but the public is largely unaware of the extent to which information is being collected and used.

MITRE recently commissioned a Harris Poll to explore attitudes to the use of consumer-generated data. The Harris Poll was conducted in June 2020 on 2,065 adults in the United States.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

The Harris Poll revealed consumers are largely unaware of the extent to which their information is being collected and used, and the types of information that health insurers and employers may know about individuals. 89% of respondents believed health insurers are not aware of their online spending and streaming habits, when this information is being collected and used.

The use of personal data by employers and health insurers is considered to be acceptable to a majority of the respondents, albeit only for certain purposes. 60% of respondents thought it acceptable for their insurance company to use personal data to design health promotion activities, with 54% believing it acceptable for their employer to do the same. However, two thirds of respondents said it was not acceptable for an employer or health insurer to gather or purchase outside information about employees or health plan members.

“These results reinforce that a significant gap exists between what we believe our insurance companies and employers know about us personally, and what they actually do,” said Erin Williams, executive director and division director for Biomedical Innovation at MITRE. “Americans need more education about the ways third parties are accessing and using their consumer-generated data. But it really shows that companies have an obligation to be more transparent about what data they are collecting from third parties.”

There is broad acceptance that in today’s world there is no such thing as digital privacy, with 77% of respondents saying data privacy doesn’t exist. Respondents to the Harris Poll said they were willing to provide their personal information if they receive something in return, such as improving safety (65%) or for convenience (48%).

While 70% of respondents believe there is an obligation to share personal health information to stop the spread of disease, the same respondents appeared to be reluctant to share they personal data for that purpose. When asked if personal information would be shared with a national database to help stop the spread of COVID-19, only 44% of respondents said they would share their personal information. 36% said they would share their temperature data, 29% would share their location, and only a quarter would share information about chronic illnesses.

When it comes to sharing information, there is distrust of social media networks. 59% of respondents said they would feel uncomfortable with sharing any PHI with a social media network directly, although consumers may still share health information via those networks.

“Organizations may have benevolent intentions—such data can be used in productive ways that ultimately benefit consumers’ health—but consumers can potentially be harmed if this data is used inappropriately or unethically,” explained MITRE.

MITRE has developed an Ethical Framework for the Use of Consumer-Generated Data in Health Care which establishes ethical values, principles, and guidelines to guide the use of consumer-generated data for healthcare purposes.

The framework is intended to guide organizations looking to establish policies promoting the ethical use of consumer-generated data for healthcare purposes and to motivate organizations to discuss the ethical implications of using machine learning systems to analyze consumer-generated data and develop appropriate governance processes to facilitate the ethical use of those systems.

The framework can be downloaded from MITRE on this link.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.