Health insurers are coming for your data


As Orwellian as this may sound, it comes in response to very basic reality. Insurers in India suffer from a lack of patient oversight once a policy is sold; the consequence of not having a health data repository. Many health providers, both private and public, don’t have electronic health records (EHR)—a digital record of patient information such as hospital bills, diagnosis reports, health history, etc.

In the absence of this, traditional insurers such as MaxBupa, Aditya Birla, and others have decided to get creative. They’re looking at other avenues that may help them paint a more complete picture of people’s health. Healthcare providers, diagnostic clinics, wearables, digital healthcare platforms. Literally, anywhere, because, say, policy experts, there’s nothing to stop them from doing so. Theoretically, they could even reach out to food delivery platforms to map your food ordering habits.

Max Bupa and Aditya Birla Health Insurance have already put out detailed policy documents outlining their plans. Both documents show how insurers intend to categorize insurance holders by using a mix of health data mined from wearables like fitness bands, physical health records, and diagnosis reports. This data, the documents indicate, will help bring to light the true risk that insurance holders pose to insurers.

Categorizing the policyholders

According to Aditya Birla’s policy document, policyholders can be categorized as Red, Amber, and Green. Red is for people who have the highest chances of heart disease.

Those in the minimal-risk Green category could get as much as a 30% discount on their final premium, while those in the Red category may not be eligible for a discount at all. This would mean that while the insurer doesn’t raise premium rates, less healthy policyholders would effectively end up paying more than their fitter counterparts.

From a business standpoint, this seems like a logical progression. From a consumer point of view, however, things are markedly less straightforward. To understand why we need only look at the banking sector from five-six years ago.

Payment Space

Fintech companies had emerged, disrupting the payments space. This forced the RBI to carve out a separate framework for e-wallet companies—from payment processing (PPI licenses) to customer onboarding (KYC regulations). When it comes to insurance though, the Insurance Regulation and Development Authority of India (IRDAI) doesn’t seem likely to go the RBI way.

In its first-ever recommendations on insurance tech (‘insurtech’), IRDAI gave no sign that it would enact separate regulations. This was mainly on account of the fact that selling insurance online now collides with aspects such as data privacy and security standards, both of which come under the ambit of other ministries.

These include the Ministry of Welfare and its draft Digital Information Security in Healthcare Act (DISHA), as well as The Ministry of Electronics and Information Technology’s (MeitY) proposed data protection bill.

But since none of these laws is in force yet, stakeholders in India’s health care system have already started collecting data, controlling it and even modeling insurance products around this. Data points like blood tests, heart rate, calorie count, weight, body-fat index, blood pressure, and others are all up for grabs. The goal here is simple: create an unofficial EHR for India.

But can this health data actually solve the problems plaguing the health insurance market in India? And even if it can, is this legally and ethically sound?

To get to the bottom of this, we first need to understand exactly what sort of visibility insurers presently have of their policyholders.