
The South African Insurance Industry Survey 2016 | 81

Another emerging phenomenon regarding the theft of health information is medical identity theft, which is the use of stolen medical details to obtain medical care, buy drugs or submit fraudulent billing to medical aid schemes.[8] Medical records are worth up to US$50 per record on the black market[9], which when compared to US$1 per stolen credit card record, indicates why medical identity theft is so lucrative.[10] While data coming from your fitness band or glucose meter may not be as valuable as your electronic health record on the black market, users of wearables and their related applications need to be aware of the pervasive nature of the health information being collected and stored about them, and what a breach of that information might mean.

With health-related information fetching such a high price on the black market, and cybercrime already a problem, it probably will not be long before medical identity theft and other health data-related crime becomes prevalent in South Africa. While South Africa has enacted legislation to protect the privacy of individuals and electronic transactions through legislation, such as the Electronic Communications and Transactions Act (ECT) and Protection of Personal Information Act (POPI), cybercrime is often difficult to detect, and identifying and apprehending the culprit even more so.

What does this mean in the South African context?

South Africans have also been swept up in the wearable fever. Fitness bands, for example, are common features in public and in the workplace. Large insurers and medical aid schemes offer incentives to members who buy and use wearables and share the related health information with the organisation. In turn, this information is utilised in profiling, and incentivising policy holders and scheme members. The benefits of the technological integration are multi-faceted and present opportunities for both consumers, insurers and medical aid schemes. Imagine an insurer or medical aid scheme being able to calculate, in real-time, the risk profile of its policy holders and members and provide competitive premiums based on the health profile of each of its policy holders or members uniquely. This not only incentivises members to lead healthy lifestyles but enables the insurer and medical aid scheme to accurately quantify and underwrite its risk exposure. From a consumer perspective the benefits are numerous and range from customised premiums, as well as health-related savings and promotions, to early warning of possible health risks enabling more relevant, just-in-time treatment.

Privacy awareness in South Africa is still in its infancy. However, there are currently several pieces of legislation that provide a framework to understand the rights and obligations of the user, service provider and other parties, where personal information is concerned. Policy holders and scheme members will need to become more astute as to the purposes for which their personal information, health-related data, and other data collected through wearables provided or utilised by insurers and medical aid schemes is processed to ensure that their privacy is not unreasonably infringed.

Discerning policy holders and members may protect their data and themselves by carefully reading terms and conditions, and available privacy policies on the wearables and applications they wish to use, as well as knowing their rights under their local privacy legislation. Furthermore, they can defend their data by taking cognisance of the threat of cybercrime and following good security practices such as taking precautions to secure their devices through strong passwords, encryption and dual authentication, as well as being aware of who they are allowing to access their data and devices. However, the responsibility for processing information in a responsible manner and ensuring the protection of information does not end with the policy holder or member; insurers and medical aid schemes play a pivotal role and should be held accountable for ensuring that information obtained through wearables is processed in a fair manner that does not infringe on the rights of its policyholders or members. In most instances, insurers and medical aid schemes will need to balance the right of its consumers to privacy against their own business interests. Insurers and medical aid schemes should ensure that they are transparent in the type of data collected through wearables, the purpose for which this is processed, how it is used and secured, and who it is shared with to ensure transparency.

All organisations integrating new technologies into their day-to-day interactions with consumers, like insurers and medical aid schemes, will need to start considering the privacy impact of adopting these technologies and the consequent business, consumer, and compliance risks. Organisations should consider the privacy impact in light of the following:

– nature of information processed (i.e. health information);
– how the information is collected, used and why the organisation requires it;
– where the information is located and volume of information retained;
– who has access to the information and whether it is shared with third parties; and
– the legal obligations in respect of the information.

Based on this assessment, the organisation will be able to accurately determine what the privacy impact of technology adoption, such as wearables, is and most importantly where to “draw a line in the sand.”

8 http://oig.hhs.gov/fraud/medical-id-theft/
9 http://www.medscape.com/viewarticle/824192
10 http://www.secureworks.com/assets/pdf-store/other/infographic.healthcare.pdf