On the surface, it makes sense. Healthy people generally cost insurers less, so why not encourage policyholders to live healthfully by doling out perks and discounts, and then track them to make sure they’re sticking to their end of the bargain? This was the logic that spurred one the nation’s largest life insurance providers, John Hancock, to offer massively discounted Apple Watches to customers. But there’s a major hitch: by tracking all that data, policy holders may be giving away a lot more than they realize.
John Hancock first rolled out its Apple Watch promotion in 2016, as part of the Vitality program, which is designed to offer perks to policyholders who live healthy lifestyles. Through the program, participants could buy a $350 Apple Watch for just $25, and earn an almost-free watch along with insurance discounts by meeting exercise goals over a two year period. On Monday, the company announced that it was expanding the program availability to all participants of the Vitality program. The program, the company said, had been a tremendous success, with about half of policyholders meeting monthly activity goals.
The thing is, even health data like how many steps you’ve taken can be pretty sensitive, revealing information.
“Once that data is in their hands you cannot control how they are going to use it,” Pam Dixon, executive director of the World Privacy Forum, told Gizmodo.
In the past few years, we have already begun to see examples of the surprising ways in which such data can be used. In a 2014 case, a Canadian law firm used Fitbit history to prove a client’s personal injury claim. The next year, data from a Fitbit was used to undermine a woman’s rape claim. In February, a man’s pacemaker put him in prison for arson.
And in an email to Gizmodo, John Hancock clarified that its access to information about those participating in the program is expansive.
“The Vitality Group has set up direct integration with Apple Watch through the Health app,” the company said. “After the member gives his/her permission to share data from the Health app, recorded data (steps, active energy and weight) from the Apple Watch regularly syncs to the John Hancock Vitality app, enabling policyholders to earn Vitality points for their activities.”
In other words, John Hancock is constantly mining your Apple Watch data for information about your health.
John Hancock is not the only company to integrate such tracking with insurance pricing. Health insurers including UnitedHealthcare offer perks for meeting goals while wearing fitness trackers, as do some workplace wellness programs offered by individual employers.
The problem here is two fold. First, is the issue of how such tracking directly affects a person’s coverage. The second, is other ways that data might be used.
John Hancock’s program offers participants the ability to save up to 15 percent on their premium. But those who don’t meet fitness goals may wind up having to retroactively pay for their watch on top of not receiving discounts, which critics have noted is unfairly biased against people who may not have lifestyles that allow them to make it to the gym, like low-income people working multiple jobs.
There is also the question of whether that information could be used to either raise premiums or deny coverage.
“Can you imagine if after the holidays you get a reminder from you life insurer saying, like, ‘You’ve gained seven pounds over the holidays, your premium is going up,” said Dixon. “It’s like behavioral control.”
The Affordable Care Act bars insurers from denying coverage to customers with preexisting medical conditions, but if that rule is ever successfully lifted by Congressional Republicans, insurers could turn to wearable data for evidence to deny health care or raise rates.
And the ACA does not offer the same protections for other forms of insurance, like life insurance. Auto insurers, for example, are already relying on similar methods to determine coverage rates, by asking customers to install devices in their cars and setting rates based on driving behavior.
John Hancock said that it never uses data from Vitality to underwrite insurance policies, but there isn’t much besides that promise that prevents it from doing so. It’s easy to imagine our health data becoming a point system akin to, say, a credit score, used to rate us and determine how much we will pay for a variety of things.
“You’ve got someone looking over your shoulder all the time,” said Dixon. “I don’t know if that’s something we want as a culture. How much do we care about saving a dollar and what are we giving up for that dollar?”
Perhaps the bigger issue though, is the lack of information about who else besides John Hancock might see your data and other ways it might be used.
The company told Gizmodo that it does not sell health data to anyone. But it also said that it does share personal health data with third parties “who perform services on our behalf” like NutriSavings, an independent program that encourages healthy eating through which policyholders can qualify for a HealthyFood benefit.
“They are required to have information protection safeguards in place,” said John Hancock. “We are contractually bound to only use the information to perform those services and are not permitted to use the information for marketing purposes.”
But John Hancock is a big, old company, which also includes an investment arm and retirement plan services. And in 2004, it was bought by a Canadian insurance firm, Manulife Financial. There’s nothing in its statements or the law that prevents the company from sharing information with other companies under its umbrella, or with future companies that might become part of the network, said Lee Tien, a lawyer with the Electronic Frontier Foundation. Unlike health data your doctor gets, information John Hancock collects from an Apple Watch is not protected under HIPAA.
“Americans generally believe in some way that their medical or health information is treated in some ways than other information,” said Tien. “But Apple is not your doctor and whoever you send your information to is not your doctor.”
And while the company does allow users to revoke permission at anytime, it’s unclear whether John Hancock might still hang on to certain insights gleaned from the data it has already collected.
Google, Apple, and other companies are investing heavily in health tracking technology, hoping that devices like the Apple Watch will allow us to track data and easily share it with people like doctors. In September, the FDA announced that Apple, Fitbit, Google, and others would all join a pilot program designed to speed the development of such technology.
The biggest problem, both Tien and Dixon said, is that it’s hard to anticipate how valuable this information might be in the future, and how it might be used then.
“In the next 20 years we just don’t know what technology is going to bring to us, but I would guess we are going to have some very surprising things related to biometrics,” said Dixon. “I am cautious about handing over this type of data without very robust rules.”
An extensive report published last year by the Center for Digital Democracy and American University concluded that there are almost no privacy safeguards in place for consumer health data, and that there are plenty of industries ready to mine that data for profit. Combined with other consumer data easily available for purchase from data brokers, health information could be used to paint a startlingly detailed portrait of individuals.
“Biosensors will routinely be able to capture not only an individual’s heart rate, body temperature, and movement, but also brain activity, moods, and emotions,” the report read. “These data can, in turn, be combined with personal information from other sources—including health-care providers and drug companies—raising such potential harms as discriminatory profiling, manipulative marketing, and security breaches.”
Of course, plenty of people do benefit from tracking their activity via Fitbits and Apple Watches. It can be helpful to have something remind you that you’ve spent your whole day on the couch. But if you’re looking to cash in on the health benefits of wearables, it might be better to just buy one yourself. In the end, it might wind up costing a whole lot less.
Update: This story has been updated to accurately reflect when the Apple Watch program rolled out.