Health insurers: With great power over data comes great responsibility

Like many Americans, I have long since accepted that yes, Big Brother is watching and no, we can't really do anything about it.

Those who still think otherwise, I've always figured, are fooling themselves. And don't get me started about the head-smacking irony of people ranting about the erosion of privacy on a social-media site like Facebook.

But just when I'm resigned to the fact that privacy is a myth in the digital age, something surfaces that makes me wonder, "how in the world did they get that information?" Most recently, it was a postcard promoting wedding stationery, sent to my D.C. address, which contained a near-spot-on version of the colors I chose for my upcoming wedding.

While I've likely at some point opted into a way for the vendor to learn where I live and what colors I like, it underscores just how unaware we are these days of who is selling what data about us to whom. It's only mildly weird when it's your wedding details--it would be straight-up alarming if it were your personal medical information.

Which brings me to a fascinating report from IDC Health Insights I wrote about this week that offers health insurers advice for engaging with customers in an increasingly consumer-centric landscape. Nestled in among other sage business advice, author Jeff Rivkin warns against the "shadow of the creep factor" when payers engage with members.

The "creep factor," the report says, can emerge both in how a company personalizes interactions with a customer and which interactions it chooses to personalize. A potentially creepy approach, for example, would be an insurer using clinical data--say about a person's diabetes diagnosis--to "suggest a product/plan or clinical service."

But Rivkin writes that customers probably wouldn't mind if an insurer used their data to encourage a specific subsidy program or provider type. I'd point out that those are still promotional communications, but presumably fall more on the side of "let us help you help yourself" than "let us suggest something we'd like to sell to you."

The privacy issue also is coming up in the increasingly crowded realm of workplace wellness programs. Consumer advocates, and rightly so, have raised concerns about the practice of some wellness programs providing participants' data to third-party vendors--which are likely to use that information to hawk their products.

Consumers are also worried that the personal information they provide to such wellness programs will trickle back to their employer. And those who figure they just won't participate can be out of luck if they work for a company that insists upon it, as a court has ruled that employers can penalize those who refuse to participate in wellness programs that require biometric screening.

To address these concerns, this week the Department of Health and Human Services' Office for Civil Rights issued a guidance to clarify how and when workplace wellness programs are subject to Health Insurance Portability and Accountability Act (HIPAA) rules.

Group health plans sponsored by an employer are covered under HIPAA, as is any employee health information held by an employer as a plan sponsor, the guidance says. Organizations that store or transmit protected health information electronically are also required to implement "reasonable" safeguards to protect that data, such as firewalls.

Yet critics have accused HHS of showing a lack of urgency when it comes to updating the industry on how HIPAA applies to connected health technologies.

So how should health plans proceed in this brave new world of targeted interventions and fitness trackers?

For one, recognize that when it comes to dealing with customers' data, complying with state and federal rules isn't enough--especially given how slow laws are to catch up with technology. With fragile consumer trust on the line, anything less than careful consideration in handling sensitive medical information would be a major business mistake.

Language also matters--as Rivkin's report points out, people are far less receptive to messages that overtly try to sell them something. Such tactics run contrary to the industry's transformation anyway, as insurers are trying to become a partner in their customers' care, rather than just the entity that pays for it.

My suggestion for marketing executives? Before rolling out a member-engagement tactic, ask yourself whether it would freak out your most conspiracy-theory-prone relative. After all, Big Brother may always be watching, but that doesn't mean you have to take a page from his playbook.  - Leslie @HealthPayer
