Benefits Think

How surveillance economy loopholes are eroding HIPAA


Let's cut through the compliance theater.

HIPAA, the supposed fortress guarding health privacy, is a relic. It's not protecting employees. It's not shielding group health plans. And it's definitely not stopping underwriters from cherry-picking renewals based on shadowy guesswork. 

In truth, the Health Insurance Portability and Accountability Act was built for a world that no longer exists. It was passed in 1996 — back when AOL CDs came in the U.S. mail and we still used fax machines unironically. Today's health data flows through a thousand backdoors — apps, loyalty programs, browser cookies, retail pharmacies — and none of them are governed by HIPAA.

That's not just a privacy issue. It's a financial one. Because this unregulated data free-for-all is driving up your client's stop-loss premiums, tightening lasers and undermining their ability to negotiate fairly on behalf of the health plan.

The average employer assumes HIPAA covers "health data," full stop. But that's not how the law is written. HIPAA only governs data that comes from covered entities — think doctors, health plans and a narrow band of "business associates." The second that same information slips out through a non-covered source, it's fair game.


If an employee checks a symptom on a wellness app, downloads a copay coupon, or signs up for CVS loyalty rewards, that data isn't protected. It's monetized.

And here's the kicker: data brokers don't need a name. They just need a ZIP code, a birthdate and a few behaviors to triangulate a person's identity with startling accuracy. Toss in an IP address or email and it's game over.

The data legally ends up in the wrong hands. Here's a sampling: 

1. Coupon and discount drug apps
Pharmacy apps save an employee $80 on a specialty med. But in the process, they quietly log and transmit personal details: drug name, birthdate, device ID, pharmacy location and more.

2. Retail loyalty programs
CVS, Walgreens and others collect full prescription histories under their reward systems. When used outside of insurance (which these programs encourage), the data escapes HIPAA's grasp. It's bundled, scrubbed of names (for legal cover) and sold to whoever's buying.

3. Symptom trackers and wellness tools 
From fertility calendars to mood apps, these platforms vacuum up incredibly intimate health info – and few are HIPAA-covered. Many explicitly reserve the right to share or sell user data. And some have been caught shipping it to Facebook and Google in real time.

4. Data broker overlays
Once the health fingerprint is captured, brokers enrich it using voter records, credit bureau overlays, property deeds and purchase histories. This is how "anonymous" becomes "predictive" – and predictive becomes a basis for pricing.


Now imagine your client is sending a census to quote stop-loss coverage. It includes names, dates of birth, ZIPs and gender. The assumption is that underwriting will be based on claims or high-dollar utilization reports.

Not anymore.

If a carrier can't get the real claims data — either because the HMO refuses or the third-party administrator delays — some simply buy their own intel. Data brokers match the census to their own enriched databases. They infer conditions, treatments and risks based on behavioral breadcrumbs.

Suddenly:

  • Member 017 is flagged for HIV (based on prescription fills and lab behavior).
  • Member 022 is linked to end-stage renal disease (from a coupon app and pharmacy refill pattern).
  • Member 111 gets tagged as a transplant risk (diet app and specialty med).

No claims. No medical records. Just cross-referenced consumer data and probability modeling. And with that? Your client's laser just locked in and rates just jumped.
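The census in this scenario is the weak point: ZIP code, date of birth and sex are exactly the quasi-identifiers that let an enriched database be matched row by row. The script below is an added example (not from this article or from any carrier or broker) that measures how exposed a census is before it is sent, using the standard k-anonymity idea: it counts how many members share each (ZIP, DOB, sex) combination, lists the members who are unique in the file, and walks a ladder of coarser settings (fewer ZIP digits, year of birth instead of full date) until no member stands alone. The census rows and the ladder are constructed for the example.

```python
from collections import Counter

# Constructed sample census (invented rows, not real members): the kind of
# file the article describes being sent out to quote stop-loss coverage.
CENSUS = [
    {"member": "017", "dob": "1979-03-14", "zip": "60614", "sex": "M"},
    {"member": "022", "dob": "1979-11-02", "zip": "60647", "sex": "M"},
    {"member": "035", "dob": "1985-07-21", "zip": "60611", "sex": "F"},
    {"member": "048", "dob": "1985-01-09", "zip": "60657", "sex": "F"},
    {"member": "071", "dob": "1992-05-30", "zip": "10001", "sex": "M"},
    {"member": "083", "dob": "1992-09-12", "zip": "10016", "sex": "M"},
    {"member": "096", "dob": "1968-12-01", "zip": "94110", "sex": "F"},
    {"member": "111", "dob": "1968-04-18", "zip": "94117", "sex": "F"},
]

# Generalization ladder (an assumption for this example), coarsest last:
# how many ZIP digits to keep and how much of the date of birth to keep.
LADDER = [(5, "day"), (5, "year"), (3, "year")]


def quasi_identifier(row, zip_digits=5, dob_part="day"):
    """Return the (zip, dob, sex) key a third party could match on.
    Name and member number are direct identifiers and are left out."""
    dob = row["dob"]
    if dob_part == "year":
        dob = dob[:4]
    elif dob_part == "month":
        dob = dob[:7]
    return (row["zip"][:zip_digits], dob, row["sex"])


def equivalence_classes(rows, zip_digits=5, dob_part="day"):
    """Count how many rows share each quasi-identifier key."""
    return Counter(quasi_identifier(r, zip_digits, dob_part) for r in rows)


def k_anonymity(rows, zip_digits=5, dob_part="day"):
    """Smallest class size: k=1 means at least one member is unique in the file."""
    return min(equivalence_classes(rows, zip_digits, dob_part).values())


def unique_members(rows, zip_digits=5, dob_part="day"):
    """Member numbers whose key is unique, i.e. the rows most exposed to linkage."""
    classes = equivalence_classes(rows, zip_digits, dob_part)
    return [r["member"] for r in rows
            if classes[quasi_identifier(r, zip_digits, dob_part)] == 1]


def minimal_generalization(rows, k_target=2, ladder=LADDER):
    """Walk the ladder and return the first (zip_digits, dob_part) setting
    that puts every member in a class of at least k_target rows, or None."""
    for zip_digits, dob_part in ladder:
        if k_anonymity(rows, zip_digits, dob_part) >= k_target:
            return (zip_digits, dob_part)
    return None


def generalized_census(rows, zip_digits, dob_part):
    """Rewrite the rows with the coarser fields, ready to send."""
    return [
        {"member": r["member"],
         "zip": r["zip"][:zip_digits],
         "dob": quasi_identifier(r, zip_digits, dob_part)[1],
         "sex": r["sex"]}
        for r in rows
    ]


if __name__ == "__main__":
    print("k with full ZIP and full DOB:", k_anonymity(CENSUS))
    print("unique members as sent:", unique_members(CENSUS))
    setting = minimal_generalization(CENSUS, k_target=2)
    print("coarsest-necessary setting:", setting)
    for row in generalized_census(CENSUS, *setting):
        print(row)
```

On the sample file, the census as sent has k=1 (every member is unique on ZIP, DOB and sex), and keeping the full five-digit ZIP while dropping to year of birth still leaves every row unique; only the three-digit ZIP plus birth year setting reaches k=2. Real census files are larger and the ladder would need more rungs, but the check is the same: run it before the file leaves the plan, and know which members a matcher could single out.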

This is where it gets dangerous. If the data were accurate, your client would at least be negotiating from the truth. But in reality, these third-party datasets are often outdated or flat wrong. Worse, carriers typically won't disclose the source of the information. Employers can't audit the assumptions. And brokers can't meaningfully challenge the outcome.

Which means the group can be penalized for conditions its members don't even have — or had years ago but have since resolved. This isn't transparency. It's actuarial profiling with no accountability.

By blocking legitimate data-sharing between employers and carriers (under the guise of protecting privacy), HIPAA is pushing underwriters into murkier, more dangerous waters. Instead of working from claims and clinical fact, they're reaching for commercially packaged guesses — built off a surveillance economy that no one consented to and few understand.

It's backwards. And it's costing your employer clients.


HIPAA doesn't address loyalty cards. Or drug coupon apps. Or social media tracking. It has no teeth for what's happening in today's data markets.

The result? A surveillance economy profits from employees' conditions, while the plan fiduciary is stuck defending renewal against data they can't verify, audit or correct.

Until HIPAA is rewritten from scratch – or new legislation fills the vacuum – employers and their broker partners should stop pretending they're negotiating with the full picture. The real underwriting is happening in the shadows.

And it's not just eroding privacy. It's sabotaging the ability to steward plan assets.
