Can an insurer deny coverage based on period tracker data

Under the ACA, health insurers in the individual and small group markets cannot deny coverage or charge higher premiums based on pre-existing conditions, including pregnancy or reproductive health conditions. However, the ACA does not apply to all insurance types. Short-term plans, health sharing ministries, and certain employer self-funded plans have different rules. Life insurance and disability insurance are not covered by the ACA and can use health information in underwriting.

What about employer wellness programs that track health data

Employer wellness programs that integrate with health apps create a data flow from your tracking app to the wellness platform, which may share aggregated or individual data with the employer's insurance administrator. If your employer's wellness program asks you to connect a health tracking app, the data you share is governed by the wellness program's privacy policy — not HIPAA in most cases. Participation is typically voluntary, but incentives (premium discounts, HSA contributions) create pressure to participate.

Can life insurance companies access period tracker data

Life insurance underwriting is not subject to the ACA's pre-existing condition protections. Life insurers can and do use health information in underwriting decisions. Whether they would seek period tracker data specifically is unclear, but they are not legally prohibited from using it if they can obtain it. Some life insurance applications ask about health app usage or request access to health records broadly defined.

privacy-in-practice

Can Your Health Insurance Access Your Period Tracker Data?

Period tracker data is not protected by HIPAA because most tracker companies are not covered entities. Here's how insurance companies can and cannot access your reproductive health data from apps.

The HIPAA Misconception The most common misunderstanding about period tracker privacy is that HIPAA protects the data. It does not. HIPAA (the Health Insurance Portability and Accountability Act) applies to covered entities: healthcare providers who conduct electronic transactions, health plans, and healthcare clearinghouses. It also applies to their business associates — companies that handle health data on behalf of covered entities. Period tracker companies are consumer technology companies. They are not healthcare providers. They do not submit claims to insurance companies. They are not health plans. Unless a specific period tracker has a business associate agreement with a covered entity, HIPAA does not apply to them. This means your period tracker data is governed by: The app's privacy policy (a contract between you and the company) The FTC Act (which prohibits deceptive practices) State consumer privacy laws (CCPA, VCDPA, etc., where applicable) Any state specific health data privacy laws None of these provide the same level of protection as HIPAA. The FTC can act against deceptive practices — as it did in the Flo case — but it cannot prevent data practices that are disclose