Piggybacking on du jour terminology like “social determinants of health” don’t make privacy erosions by insurance carriers more legitimate or less fraught with ethical conundrums. Under the guise of helping patients, the industry’s use of data brokers for extensive mining of your personal lifestyle choices and socioeconomic details to determine pricing or premium rates creates a murky terrain that existing, presumed protected health information laws don’t explicitly cover. It’s not new for insurance carriers to use nefarious discriminatory practices (e.g. different rules for pre-existing conditions) to deny coverage or balloon your expenses. But, given their backdoor access to your data for which the laws have yet to catch up, you may want to pay cash before you purchase your next bag of chips or condoms and think twice when completing demographics on your race and street address or making a formal name change.
They are judging these innate characteristics and decisions to guide their coverage. A year-long investigation is underway by ProPublica and NPR to understand how the nontransparent health insurance industry optimizes its revenue streams. Among what they report is that such things as a name change for a woman prompts carriers to assume she is divorcing, will get depressed and need mental health services. Or, she was just married, will imminently get pregnant and increase costs. True or not doesn’t seem to matter, but it is amazing that we have laws for this discriminatory practice in the job sector where bias against a pregnant woman wouldn’t stand. They go on to detail similar events based on which side of town you live in, ethnicity and so on.
The industry says insights from this data are used to improve case management. But, they backpedal when discussions about linkage of data with clinical records abound. Europe is keen on understanding the complexities around data misuse and abuse, so they enacted legislation that prohibits such practices by affirming the individual owns their data, can withdraw it and must be consented for its use. Given the lightning speed of technological advances, health insurers are circumventing HIPAA privacy laws (that they are somewhat bound to) that only hold up in the doctor’s office, hospital room or between a health professional and patient anyway. And, they are using information, the type that the average person would think they otherwise had a reasonable expectation of privacy for, for their own interpretation, false or not, for objectionable purposes.
Which begs the bigger question: Outside of the doctor’s office or hospital bed, where should the definition of HIPAA end?
The Health Insurance Portability and Accountability Act (HIPAA) privacy rules were designed because of an accepted societal understanding that health information is highly sensitive in nature and it is a privilege for those tasked with receiving the data. For a medical professional, the responsibility to protect patient privacy is paramount and integral to empowering the patient as well as the doctor-patient relationship. This law encourages a patient to seek medical care in the first place by freeing them of worry that their condition could be disclosed. It preserves personal autonomy. A reasonable expectation of privacy in the healthcare space is also therapeutic by generating trusted relationships which are invaluable to achieving medical compliance and fully informed consent. The boundaries formed by this legislation help facilitate good decision-making, preserve a sense of agency and curb abuse.
Unfortunately, we are living in a time when HIPAA laws have not caught up with technology. We are in the early Wild West days when it comes to the widespread, limitless capacity of others to acquire data about you without your awareness or consent. It is particularly baffling given law enforcement would require court orders to acquire a lot of this information. Why were we not proactive in this arena? So much has already been collected and accessed that a reactive stance will simply not be good enough.
It’s time to extend HIPAA or create a new law
Consider the anxiety you may have had buying your first tampon or pad in the local store when you started having your period. How you waited until a female clerk was at the checkout and hoped they would use an opaque bag and avoid the overhead microphone for any pricing questions. Or, when as a man you are performing the often awkward task of purchasing them for your partner. What about condoms and your patterns of purchase? That junk food binge? Or, your ovulation and pregnancy kits that you love and hate given they have become a constant reminder of your fertility challenges. Would it surprise you to learn that these discreet moments aren’t private and companies in possession of this knowledge can use them to discriminate against you?
This is what is happening right now - and did in different ways in the past on a unique scale. Your doctor may tell you to do certain things that require you purchasing specific foods in the grocery store or over-the-counter products to aid in your recovery. These may be short-term problems in need of a fix. But, a fraction of knowledge out of context in the wrong hands could create long-term struggles for you with health insurance coverage. As the situation currently stands, the odious possibilities are endless - and already in progress.
Maintaining health extends beyond the doctor's office. Entirely eliminating the necessity of third parties in the facilitation of good health is impossible. Muddying up the path to wellness with a preoccupation with concerns over personal privacy violations and predatory coercive acts is not a way to cure disease, fix a broken healthcare system or reduce its financial burdens - it has the opposite harmful sobering effect.