More creepy monitoring: USAA collecting health information from patient portals

Veteran health reporter Anne Zieger has uncovered another instance of data mining that could be a benefit–or not. USAA, a financial services company for military and veteran families, has started to collect health data via electronic records from life insurance applicants at the Department of Veterans Affairs and Department of Defense. They have streamlined the health records process in the application by developing with Cerner a feature called HealtheHistory that retrieves the data via the patient portal from the applicant’s EHR after consent. It cuts application time by 30 days, but the implications raise some alarms. In Ms. Zieger’s view, we should consider this carefully before huzzahing this type of data sharing:

  • Is an insurer going to care much about HIPAA compliance on PHI? In her view, not likely.
  • Is it a good idea to give an insurer full access to health data? There is the case of an otherwise healthy woman who tested positive for the BRCA 1 gene which indicates that the carrier has an increased risk of breast and ovarian cancer, who was turned down for insurance by USAA. To not disclose would be fraud, but the nuance is risk, not the condition.
  • Will the information be shared within USAA for judgment on other financial instruments, such as mortgages–regardless of legality?

EMR and EHR  Our previous look at data gathering on medical conditions run amok is here