[slg]

This requires the insurance company to be doing something illegal and for it to really cause damage all their competitors have to be doing it as well. If this ever becomes widespread, it would be quickly obvious when a large number of ostensibly healthy people are given quotes that match their genetic profile but not their medical history. I'm just not sure that is a reasonable fear.

[site-packages1]

I think insurance companies aren't above doing anything illegal, especially if it can not insure you/drive you away with a high quote if it saves them many years and millions and millions of dollars covering someone's care for Huntington's or chemo for breast cancer or some other terrible disease for which someone is genetically predisposed.

The punishment for violations of the Genetic Information NonDiscrimination Act can be up to a million dollars in fines and some jail time. It is exceedingly rare for corporate officers to go to jail for acts of corporations, so likely violations would simply be fines. Cancer is expensive to cover (less so for insurance companies working with hospitals, much more for you and I), and the fines are relatively small, with the chance of jail time exceedingly small. I am unaware of anyone who has been prosecuted under this Act at all. I did a cursory search and didn't see anything.

The forgoing leads me to believe that like many crimes that have low rates of prosecution and relatively small fines, it would probably make sense for a corporate board (or series of employees acting under mutual light peer pressure) to use DNA information as an input into their actuarial tables.

Additionally, it would be difficult to spot clusters of people who are otherwise healthy with high insurance quotes. Even if you had the actual insurance quotes, getting peoples' medical information, especially in bulk, is extremely difficult because the aggregators of such information are typically bound by HIPAA.

All that to say, I think this is an extremely reasonable concerned and I would be shocked if companies didn't already use DNA information in some form, even if that form is as some input to a machine learning model, but I'll demurr on that subject because I know little about it.

[slg]

There are a couple problems with this line of thinking. First, a lack of known cases doesn't mean that this is necessarily hard to detect or that it isn't being prosecuted. It might also simply not be happening. That seems to be the most likely scenario given how hard it currently would be to secretly acquire and use this genetic data.

Also you don't need to have a massive amount of HIPAA protected data to be publicly available for someone to notice. There are plenty of independent insurance brokers who serve as middlemen between consumers and the insurance companies. These people have access to all the medicals and usually end up having a decent understanding of how that translates into insurance rates. A drastic change in how insurance companies rate risk would be quickly noticed by these brokers. Right now if a broker receives a particularly bad rate from a specific insurer due to a quirk of their actuarial numbers, they will often turn around and apply to a competitor. That means any single insurer using this information wouldn't necessarily do that much damage to end consumers. It also means that any single insurer who did this would quickly get a reputation for providing rates that look unexplainable on the surface and it won't be long before people start asking why. Once again, I just don't think this is a realistic scenario.

[crumpled]

If the data is managed by a company that isn't in the healthcare industry, HIPPA doesn't apply. An insurance company, even a health insurance company can purchase non healthcare data from an analytics company.

It wasn't HIPPA protected when it was on my heritage, and it won't be healthcare data when it's eventually leaked and resold.

If you don't think legitimate companies are interested in buying that data, look around at the market for our password breach and identity theft data. There's a brisk, legal trade.

[slg]

I never mentioned HIPAA in the context you are implying. I was simply saying it won't protect the malicious actors from being discovered.

> look around at the market for our password breach and identity theft data. There's a brisk, legal trade.

If it is so easy to acquire this data legally, do you want to point to a business from which one can legally purchase "identity theft data"?

[crumpled]

I read about a "threat intelligence" company on here the other day who got hacked for all their breach data. Not all of it is super public, and none of the public dumps are in a tidy package where you can associate users in one breach with users in another breach. Sorry I couldn't find the name of the company.

But there are more than a handful of "threat intelligence" or OSINT providers. I'll let you Google it for yourself.

[stickfigure]

I am also extremely dubious of this risk. At least in the US, a conspiracy of this sort would require hundreds of potentially-disgruntled employees to resist getting rich from whistleblower rewards.

[pavel_lishin]

Or half a dozen engineers building a new "AI-driven" risk evaluation service with nebulous inputs from their manager.

[MattGaiser]

Except these don’t regularly turn up fraud. Wells Fargo kept it going for years. Bernie Madoff kept it going for years.

People knew about both.

[raxxorrax]

There are also laws against looking people up on social media in my country, but in most countries it is legal. 70% are estimated to do that as part of the hiring process regardless of laws.

> An employer who looks at an applicant's Facebook page or other social media posts could well learn information that it isn't entitled to have

True, but you cannot unlearn things...

So the believe in laws prohibiting information spread might need rethinking.

[ddevault]

Mix the DNA info into a machine learning insura-bot and you'll never be able to extract the evidence.

[lm28469]

> This requires the insurance company to be doing something illegal

The problem with laws is that they can be changed relatively quickly while your DNA, and many other things, can't.

Afaik pre Hitler Germany already had a pretty extensive personal registration system that included thing like birth date, sex, _religion_... Which became very convenient later on. Once the data is out there you have to trust the current government and companies as well as all their successors for your entire lifetime (and potentially more in case of your DNA).

It already started btw, some insurance companies give you discounts if you accept to wear their smartwatch to prove that you exercise, it's just a matter of time before it slowly extends to other things.

[coronadisaster]

It doesnt require them to do anything illegal... Pretty sure that they can already buy that information