Category Archives: privacy

Canadian life and health insurers limit use of genetic test results

Canadian life and health insurers are adopting new policies on the use of genetic test results that will guide how this type of information should be used when underwriting policies. The guidelines would also restrict the type of information companies can collect.

The action by the Canadian Life and Health Insurance Association Inc.(CLHIA) demonstrates the industry’s pledge not to seek genetic testing results from research where the information wasn’t disclosed. Insurers also won’t ask for genetic test results of any other person than the policy applicant. Companies must now have a plan to address complaints related to underwriting decisions.

This adds to the long-standing voluntary ban on insurers asking applicants and policy holders to undergo genetic testing.

The CLHIA, which counts the majority of the industry as members, is clarifying its position on genetic testing less than three months after the Office of the Privacy Commissioner of Canada called on the insurers to stop asking clients for access to genetic data altogether until insurers can show the information is necessary and effective for actuarial purposes. Genetic testing has become a hot-button topic as improvements in science and technology make the process faster, more affordable and easier to access. Canadians are increasingly getting genetic testing done to determine their ancestry, for reproduction planning and to find out their genetic predisposition to diseases such as cancer.

The CLHIA says insurers should have access to medical information to accurately assess the risk profile of potential clients. The group points to research by the Canadian Institute of Actuaries that found there would be a “substantial” impact on companies if they were denied access to genetic test data.

But the intention is not to turn clients away. The insurance group said any applicant denied life or health insurance will get help looking for other coverage – either by insurers or through advisers.

Since existing life insurance policies can’t be changed by subsequent genetic testing, the CLHIA suggests consumers “consider applying and obtaining insurance before undergoing genetic testing.” This maintains the “good faith” agreement, where both parties enter into the insurance agreement with equal knowledge.

“Insurers have one opportunity to assess whether to provide insurance. Those policies can last 40 or 50 years,” said Frank Zinatelli, general counsel of the CLHIA. “If it turns out [later] that you have some genetic condition that can affect you in a negative way, we’ve already made the promise.”

Jacqueline Nelson , Globe and Mail

For Sale: Your Name and Medical Condition

Dan Abate doesn’t have diabetes, nor is he aware of any obvious link to the disease. Try telling that to data miners. The 42-year-old information technology worker’s name recently showed up in a database of millions of people with “diabetes interest” sold by Acxiom (ACXM), one of the world’s biggest data brokers. One buyer, data reseller Exact Data, posted Abate’s name and address online, along with 100 others, under the header Sample Diabetes Mailing List. It’s just one of hundreds of medical databases for sale to marketers.

As the population ages and consumers share more health data about themselves online, a burgeoning industry of data miners has emerged, scooping up often-personal medical data and selling it to marketers. While that’s a boon for companies trying to pitch products, privacy advocates warn that collection practices can cross the line. “People would be shocked if they knew they were on some of these lists,” says Pam Dixon, president of the nonprofit advocacy group World Privacy Forum. “Yet millions are.”

The lists sell for pennies a name and cover some of the most sensitive medical conditions. A database of 1.2 million people taking medication for depression costs 9.5¢ a name, and a list of almost 900,000 erectile dysfunction sufferers goes for 18.5¢ a name. For 15¢ apiece, you can buy 2.2 million households where someone has Alzheimer’s disease. The same fee will buy access to 600,000 with Parkinson’s disease.

More than 1,400 companies sell consumer data. Corporations spent $7 billion in 2012 for access to lists and databases with bits of information on individuals—ranging from whether someone owns a pet to what medication he takes—to better target their ads, according to a study commissioned by the Direct Marketing Association, a data broker trade group. Acxiom reported revenue of $1.1 billion last year.

Americans are used to being sliced and diced along demographic lines. Yet collecting massive quantities of intimate health data is relatively new territory, and many privacy advocates say it has gone too far—especially as data companies refuse to identify buyers of their lists, citing confidentiality. “It is outrageous and unfair to consumers that companies profiting off the collection and sale of individuals’ health information operate behind a veil of secrecy,” says U.S. Senator Jay Rockefeller (D-W.Va.). “Consumers deserve to know who is profiting.”

In May, the Federal Trade Commission recommended that Congress put more protections in place to ensure consumers know how the details they’re sharing are going to be used. Although there is a federal law protecting patient privacy, the Health Insurance Portability and Accountability Act, it applies only to information shared with health-care providers, medical facilities, pharmacies, and insurers along with their business associates. Everything shared outside that context is fair game to marketers, making it legal for data brokers to sell information about someone’s maladies if it was obtained or shared on a website registration form or an online survey.

“It’s not illegal at all,” Dixon says. “If a person reveals health information to a third party outside of the health-care context, that information doesn’t have any legal protection under HIPAA.”

The companies selling the data say it’s secure and contains information only from consumers who want it shared with marketers so they can learn more about their condition. The Direct Marketing Association says it has mandatory guidelines to ensure the data is ethically collected and used, and a website that allows consumers to opt out of receiving marketing material. “We have very strong self-regulation—we have for more than 40 years,” said Rachel Nyswander Thomas, the association’s vice president for government affairs.

Yet the ease with which data about Dan Abate was found in a Google search suggests the process isn’t always secure or transparent. Abate says he never agreed to be included on a list related to diabetes, and the only connection he can think of that may have landed him on the list are a few cycling events he participated in to raise money for the disease. “I don’t have diabetes,” he says, “and I don’t want my information out there to be sold.”

The diabetes mailing list containing Abate’s name was on the website of Exact Data in a section of sample lists that included dozens of other categories, such as gamblers and pregnant women. The diabetes list contained 100 names, addresses, and e-mails. Exact Data Chief Executive Officer Larry Organ says the list posted on its website shouldn’t have included last names and street addresses, and the company has since deleted any identifiable information. He says the data came from Acxiom, and Exact Data was reselling it. The Acxiom list was compiled by various sources—surveys, website registrations, and summaries of retail purchases—that indicated someone in the household has an interest in diabetes, said Ines Gutzmer, an Acxiom spokeswoman.

By Shannon Pettypiece and Jordan Robertson, Bloomberg Businessweek