News that the UK’s National Health Service (NHS) released 47 million patients records to an actuarial society has caused a bit of a stir. The society used these records to help insurers refine the rating of critical illness cover. The case is a jumble of issues and I’ll home in here on the ethical ones for insurers.
Both the Institute and Faculty of Actuaries (IFoA) and the NHS have reassured the public that the data was anonymised and patient privacy was never at risk. That reassurance holds water only if the data was anonymised to the extent that it was incapable of subsequently being de-anonymised. Methods for de-anonymising data have progressed in leaps and bounds in recent years, and are now vastly more sophisticated than the way in which one student drilled into a release of patient records in Massachusetts and posted the then Governor’s personal treatment records to him as a rebuttal of his ‘your privacy was protected’ assurance (more on that story here and on anonymisation issues here).
So how sophisticated has de-anonymisation become? A lot can be done with just the outward part of a postcode (e.g. NE8) and year of birth left in a dataset, so long as it can be analysed alongside associated datasets. That’s where data brokers like Experian (who, incidentally, supported the actuarial society’s analysis of the NHS data) come in. Indeed, some well known data brokers are quite openly offering de-anonymisation services to the insurance sector.
So what can be done about it? Remember there’s an obvious tension between how much you anonymise data and how much value its recipient can extract from it. Strip out a lot of personal identifiers and the value decreases, but personal privacy is more protected. Keep them in and the data’s value goes up, but personal privacy is endangered. One way to negotiate a slippery slope like this is through consent – people give up some privacy in return for some value they understand and accept. That however needs to be an explicit process, not just some loose assumption made by an executive likely to be under the odd conflict of interest or two.
The insurance sector (of which actuaries are an important part) still has a long way to go up its learning curve for consent. Back in 2012, in a paper I wrote for the Chartered Insurance Institute, I suggested that the insurance sector should follow the NHS’s example and create their own equivalent of ‘Caldicott Guardians’ to bring the consumer’s voice into any internal corporate debate about privacy and consent. Another step would be for a step change in data governance within the insurance sector and in particular, the attention given in such governance to ethical issues like privacy and consent. A step change? Perhaps more than just the one step is needed, if the governance survey mentioned lower down in this story is anything to go by. South Korean insurers are learning just how much getting it wrong on privacy can cost.
The NHS now admit that this release of treatment records was a mistake. Indeed, new rules in support of GP records being incorporated into an expanded NHS treatment database would make any such future data release illegal. In the future, treatment records would be released only for the purpose of improving health or health systems. The IFoA has been emphasising its non-profit making status, but clearly, the use to which actuaries working in the insurance sector will put the findings coming out of the actuarial society’s analysis of this data will be absolutely commercial.
I don’t believe that an individual insurer was able to tweak an individual policyholder’s premium or cover as a result of the release and analysis of this treatment data. It would have been done in aggregate, through portfolio rating adjustments. It did however seem to come close to that. A few meetings, a contract or two, some data transfers and in particular, the pressing of a few ‘big data’ buttons would have brought it all down to the individual level. All very easy to arrange, and on a ‘need to know’ basis as well, given, ironically, the reputation of data brokers for secrecy. The result would be the public’s mistrust of the insurance sector becoming that bit more engrained.
Some chief executives of insurance firms may be tempted to dismiss all this as ‘making a mountain out of a molehill’. The danger of so doing is well illustrated in this report issued last week by the Chartered Insurance Institute and consultants Oliver Wyman. It looks at how well UK insurance chief executives are responding to the UK regulator’s agenda on conduct risk. The findings aren’t good – insurance firms are lagging behind that agenda and their approach is inconsistent. More importantly here, one of the four key trends the authors focussed on for being a particular challenge for the insurance sector was this : “setting the boundaries for the use and management of customer data to ensure that technological progress does not outstrip regulators’ and customers’ appetite for intrusion.”
The message is clear: insurers need to tread more cautiously when sourcing data about policyholders. It is an ethical minefield that will take casualties over the next few years.