Americans Largely Unaware of Extent that Health Insurers Access their Online Data

A recent MITRE-Harris poll has revealed most Americans are unaware of the extent to which health insurers are accessing their online personal information and how that information is used to build profiles on customers and predict an individual’s healthcare costs. The information gathered by insurers could result in an increase in health insurance costs for certain individuals, based on their personal spending and streaming habits and other consumer-generated data.

Consumer-generated data is separate from the protected health information that is created, received, stored, processed, or transmitted by healthcare providers and other HIPAA-covered entities. Consumer-generated data consists of information about an individual that includes their online activities, membership to organizations, and purchases made by an individual. That information can reveal a lot about an individual.

The survey was conducted in June 2020 on 2,065 adults in the United States to assess the extent to which Americans were aware that this information is being collected from public and private sources by insurers and the attitudes of Americans to the practice.

U.S. consumers are largely unaware of the extent to which insurance companies, including health plans, are gathering and using this data. The data can come from a wide range of sources and can be purchased from data brokers.

89% of U.S. consumers do not believe that their health insurance company knows about their spending and streaming habits, even though that information is being used.

When asked their views on the use of their personal data, a majority thought it acceptable for either their employer (52%) or their insurance company (60%) to use their personal data to design health promotion activities that have been tailored for a health plan member or employee. Two thirds of respondents said it was not acceptable for their employer or health insurance company to gather or purchase outside information about health plan members or employees.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

“These results reinforce that a significant gap exists between what we believe our insurance companies and employers know about us personally, and what they actually do,” said Erin Williams, executive director and division director for Biomedical Innovation at MITRE. “Americans need more education about the ways third parties are accessing and using their consumer-generated data. But it really shows that companies have an obligation to be more transparent about what data they are collecting from third parties.”

Other key findings from the survey were 70% of respondents believe personal health information needs to be shared to stop the spread of disease, but only 44% said they would personally share their personal information to a national database to help stop the spread of COVID-19. Only 36% said they would share information about their temperature, 29% would provide their location, and only 25% would disclose information about their chronic illnesses.

Consumers were willing to share some personal information if there is some reward for doing so, such as improving safety (65%) or for convenience (48%). Consumers generally do not trust social media companies with their health data. While sensitive health data may be shared via social media networks, 59% said they would not be comfortable sharing health data directly with the social media network itself. 77% of respondents said there was no such thing as data privacy in today’s world.

MITRE has developed an Ethical Framework for the Use of Consumer-Generated Data in Health Care which organizations that use consumer-generated data are encouraged to apply to promote ethical consumer-generated data use and better protect users.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: