UK Health Insurer Vitality Attacked Over Facebook App Use

By Peter Bernstein
Senior Editor

With wearable technology literally and figuratively changing the face of healthcare insurance as data collected and shared can and will have an impact on rates, a cautionary tale has reared its head in England that is of note.  As none other than the BCC documented recently on its website’s technology page, U.K.-based health insurer Vitality (News - Alert) (former known as PruHealth) has privacy advocates in the U.K. up in arms because of what they believe is a misleading email.

The long and short of this is that Vitality sent an email to customers suggesting they download the applications Moves to continue participation in a weekly cinema ticket loyalty program run by the insurer.  Privacy advocates cried foul contending that Vitality did not disclose the app’s connection to Facebook (News - Alert), who acquired the Finnish developers of the app in 2014. Facebook told the BBC that it runs Moves as a standalone application and does not currently combine information collected via the app with Facebook profiles. 

For its part, Vitality says the promotion tied to the app is just its way to “motivate healthy behavior.” 

Without going into all of the details of the BBC story, which amounts to a case of they said, they said, regarding whether Vitality appropriately disclosed its information sharing policy including with Facebook when Moves users opted into using the app, the issue raised by this is non-trivial.

The facts of the matter are that information about a person’s physical health, even if generated by a wearable device that then goes into the cloud for sharing with healthcare professionals as well as a person’s profile, likely should be considered as sensitive private information not to be shared without consent with third-parties.  In fact, it will be interesting to see as time goes by whether such information falls under such things as HIPPA compliance.   

What this instance does point out is that this area of opt-in/opt-out and disclosure of privacy policies is a slippery slope. This is particularly true for insurers as they adopt more and more Internet of Things (IoT) technologies such as those already roiling the automobile insurance industry thanks to “connected cars.” 

After all, it is not just the collection, analysis and sharing of such data but also its susceptibility to being hacked.  As bad actors, for instance, look for ever more ingenious ways of monetizing their activities, the expansion of vectors of vulnerability are rife with the potential for fraudulent activities including the sale of fraudulent insurance policies to less than educated consumers. 

While there is a rush in all industries to build better profiles of customers for enhanced targeted marketing and creation of improved customer experiences, thinking through how all channels in an omni-channel world can be used or abused is an exercise that marketers are going to have to consider.