New Health Data Regulations Drive New Life Insurance Buying Experience

The regulations will usher in dramatic improvements by simplifying access to a complete picture of a patient’s medical history.

(Image credit: Shutterstock.)

Last month the U.S. Department of Health and Human Services (HHS) announced a broad new set of health data access rules that promise to revolutionize the life insurance buying process in the United States by making it quicker and easier to create an accurate picture of an applicant’s healthcare history. [1]

We’ve had the “right” to receive our health records from providers in the U.S. for well over 10 years.[2] But the data access process is inconsistent and the data provided has often been incomplete. Now these new HHS regulations are tilting the balance of power in favor of the patient. Doctors and medical centers will be required to send a core set of data after a patient authorizes access via a standardized request from the patient’s health app or authorization web page. Note that these standardized accesses are referred to technically—and in the regulation—as APIs or application program interfaces.

In addition to clinical notes on health conditions, the core data includes smoking status, medications, lab tests, test result values, vital signs, height, weight, blood pressure readings, and many other structured data points. A complete list is included in the 1,200 pages of the regulation.

These regulations will usher in dramatic improvements in two key areas of the current process for accessing health records. First the customer is faced today with having to navigate the process put in place by each healthcare provider to authenticate access. Under the new rules that interface will be largely standardized and simplified. Second, it is very difficult in today’s environment to be sure that you have a customer’s “complete” health records.  Because these new regulations standardize the data provided and enable people to gain standardized access to their insurance claims and benefit information it will become easier to gain a complete picture of a patient’s healthcare providers. That information can then be used to more easily access medical history details from those providers.

This brings us to the question of the timeline for compliance with the new regulations. The new regulations go into full effect two-years from last month. Of course, many providers will comply with the regulations much sooner. Health records vendors that fail to comply by the deadline—called “information blocking” in the regulation—could be fined up to $1 million per violation.[3]

The two-year compliance deadline for the new regulations doesn’t mean that we have to wait for two years to take advantage of this transformation. The typical health records authorization (also known as a HIPAA authorization) signed by a life insurance applicant is good for 24 to 30 months. There are open questions around how we will approach authentication and access but the good news is that we don’t have to obtain “all” of an applicant’s health records prior to policy issue. We can make accelerated decisions based on available point of sale health data and continue to compile information after a policy is issued to confirm the accuracy of the health statements on the application and provide value added benefits of access to their comprehensive health record.

Why will we need fewer paramedical exams?

A big reason that there are more paramedical exams for life insurance sales in North America than in the rest of the world is the two-year incontestability clause that is part of every life insurance policy sold in the United States. This means that after two years, an insurer cannot typically contest a death claim for misstatements made on the application. This provision does not exist on life insurance policies sold in most of the rest of the world and those insurers feel less of a need for the protective value provided by a paramedical exam for most applicants. With easy and low-cost access to a customer’s health history, we should be able to drive the risk of misrepresentations on applications way down.

These new regulations have been under development for well over a year but the COVID-19 pandemic is driving an increased focus on the benefits of accessing health data in real time. The pandemic has also ushered in a revolution in telemedicine and remote healthcare monitoring. Life insurers should be asking new product innovation questions. How do we leverage these new tools for compiling personal health records for applicants into profitable health and wellness product features that put the customer in control of their personal health information while contributing to their living long healthy lives?

How COVID-19 May Impact the Insurance Industry

CIO & Technology Leadership during COVID-19: The Unexpected Spotlight


[1] 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT

Certification Program –

[2] “Creating Customer Value From Life Insurance’s Billion-Dollar Health Records Business” by Ciaran Brady, Brian Mulconrey – National Underwriter – March 08, 2010

[3] New Data Rules Could Empower Patients but Undermine Their Privacy – New York Times, March 9, 2020 –

Brian G. Mulconrey //  Brian Mulconrey, FLMI, CLU, ChFC is Senior Vice President at Sureify, he’s also a co-founder at Force Diagnostics, and the former SVP of underwriting audit at AIG.

Leave a Comment