Niall Fennelly sets out key lessons around electronic health records for insurance, and explores what the future could hold
Have you ever peered around your GP’s computer screen to see what software they use? Or pondered a future where your health insurer notifies you via smartwatch that your blood pressure is unusually high (perhaps due to year-end reporting)? During the past few months, the Electronic Health Records (EHRs) Working Party has been working with underwriters and academics to gain a better understanding of what EHRs mean for the UK insurance industry, and how this area might evolve in the coming years.
We can’t think about EHRs without considering online security and privacy. Medical records are immutable data, attached to you forever. In this sense, they are different to credit or debit card details. If my debit card number is poached online, or (as per recent history) I leave it somewhere, it is relatively painless to call the bank and have my details rendered null and void. We can’t say the same about our medical records. When health data is leaked online, some of people’s most personal information is let out to the world.
As a result, health data commands a high premium when it is sold on dark web exchanges that trade stolen information. The illegitimate accessing of health data is a high-profile business, carried out by highly organised, motivated and well-resourced bad actors.
A recent attack left the entire Irish health system frozen, a government and civil service scrambling, and confidential patient histories posted online. The UK government has also experienced challenges associated with privacy. Its recent plan to move GP data into a central NHS Digital database on an opt-out basis was met with negative publicity, and the British Medical Association and Royal College of General Practitioners both called for a delay to the scheme to allow for more public information. While NHS Digital responded by stating “patient data saves lives”, critics called this move a “data grab” and questioned the role of some of the private companies involved. This example perfectly sums up the important balance that needs to be struck between data gathering for research and respect for individual privacy.
UK primary care software and link to insurance
When considering UK health data, we start with the GP. UK GPs generally use one of four software providers to store patient data: EMIS Web, SystmOne, Vision 360 and Microtest. These systems allow the GP to have a central, secure database record for each patient. It is this health data that insurers want to tap into when carrying out medical underwriting or assessing a health insurance claim.
We should not underestimate how large these electronic files can be. An older person who has had several conditions in their lifetime can build up many test results, referrals, diagnoses, notes, clinical correspondence letters and attachments. The insurer only needs a specific view of this data when underwriting or assessing private healthcare claims, and there are obvious privacy concerns around viewing more than is required.
When requested by an insurance company, the data needs to be filtered into a usable report format by the GP. These reports are mostly paper-based and are time-consuming to complete, requiring thought and review. For the insurer, the lack of consistency in the ways GPs fill them out is also an issue.
Modern solutions such as Medi2Data and Niche Health, among others, have spotted an opportunity to automate data access requests. The electronic reports build the link between insurance and GP databases. They save GPs time, have built-in capability to deal with different types of medical data, and provide crucial redaction, secure transfer and other services.
The actuarial members of the EHR Working Party have learned an important point from our underwriting colleagues and from industry experts: GP practices receive a deluge of these requests for data on patients’ records every year. There are approximately 8,300 GP practices in the UK, and they receive a staggering six million requests for patient information annually. These include subject access requests (SARs) from solicitors, the Department of Work and Pensions, patients themselves, and other third parties, such as insurers. Requests from insurers only number about 300,000-350,000, or 5% of the total. Importantly, GPs only receive payment for approximately three million of the requests, as most types of SAR are free.
Given GPs’ busy schedules and the nature of their job, filling out requests for the insurance industry isn’t a priority. When insurers want access to this data, we need to join the queue. If we want GPs to complete reports for us in a timely manner, we need to make the process as pain-free as possible, fitting in with the 95% of other requests on their desk – and we need to incentivise them to help us.
Underwriting and SNOMED
EHRs include medical information coded as SNOMED Clinical Terms. This is the standard international clinical vocabulary for use in EHRs, and is managed by NHS Digital, which is overseeing the transition from the previous Read Codes system.
GP insurance reports include a mix of free text, SNOMED CT data, tables, consultant reports, hospital letters, attachments and other data. As GPs move to electronic insurance reports, insurers can now build a secure data pipeline from GP software providers to insurance underwriting and claims teams, speeding up review and applicant wait times.
The next step for an insurer is to automate the ingestion and initial analysis of this data. As electronic reports come in, the insurer could feed these into an automated rules engine. As with a lot of data analytics projects, the key here is to triage data. An insurer would ideally automate the underwriting of more straightforward cases using SNOMED CT codes, and highlight the difficult ones. This way, senior underwriting efforts can be concentrated on the contentious cases for more detailed review and judgment.
Analysis conducted by a major reinsurer showed that, for medical protection underwriting, 71% of electronic GP records could be assessed by SNOMED CT codes alone. Automated underwriting, in this case, is both possible and worthwhile.
So far, we have concentrated on personal-level data. For many researchers, EHRs mean large databases of de-identified patient records for population-level analysis.
The UK GP software systems mentioned above feed into larger databases such as QResearch, ResearchOne, Clinical Practice Research Datalink (CPRD) and The Health Improvement Network. These databases of UK medical records are important resources in many areas of academic research. They hold millions of UK GP patient records and have enabled a multitude of improvements in patient care, as well as thousands of scientific publications. There is a growing interest in using modern machine learning and artificial intelligence approaches to better identify the risk factors behind various diseases, and to develop predictive models that would allow preventative care. These datasets are the perfect base on which to apply these research questions.
An interesting aspect of the studies conducted on these databases is how important relatively straightforward-sounding health measures are. Everyday measures such as body mass index, pulse, blood pressure and basic information on a patient’s medical history can be used to generate valuable insights. Perhaps, in the near future, advancements in this area will be less about gathering new data, and more about integrating the data that is already available and putting it to good use.
Modern research techniques, when applied to this type of data, could prove to be extremely beneficial when it comes to improving the diagnostic and treatment strategies for conditions that affect a large proportion of the population, such as cardiovascular disease, obesity and type 2 diabetes. Due to lifestyle factors, the prevalence of conditions such as these – and hence their burden on healthcare resource use – is increasing.
As GPS move to electronic insurance reports, insurers can build a data pipeline from GP software providers to underwriting and claims teams
Tech companies are extremely busy developing their strategy in health data – just with a lower-than-normal profile.
First, there is the software. Never a company to miss a data opportunity, Google has gone directly after EHRs by building Care Studio, an EHR search and visualisation tool for medical professionals. It is currently expanding this based on previous pilot projects in Tennessee and Florida. With its purchase of PillPack for $753m, Amazon has started directly competing with US insurance groups for prescription drug data.
On the hardware front, Apple, Samsung, Garmin, Fossil, Huawei, Xiaomi and Fitbit, among others, have made huge advancements in recent years. While they started out tracking users’ sleep, stress, wellness and fitness levels, they’ve evolved to directly track more and more medical data, such as blood oxygen levels, menstruation, breathing rates, body temperature, heart rates and electrocardiograms. The next major developments here will likely come in monitoring body fat percentages and blood glucose levels through a smartwatch – important for the growing population that suffers from the conditions mentioned previously.
Google spent US$2.1bn acquiring Fitbit, stating that it wanted to spur innovation in wearable devices, making them more affordable and increasing their use. Apple CEO Tim Cook, meanwhile, recently said that health will be Apple’s “greatest contribution to mankind”.
With all these developments, it seems reasonable to think that huge troves of the health data available through databases such as CPRD will, in future, be available via monitoring smartwatches. Again, the developments here are as much about data integration as about innovation.
Should these developments from tech companies, and strategies from government, academic institutions and other interested parties, continue, one can expect a profound effect on how individuals manage and think about their own medical records in the future – and thus on how we work in this area.
The EHR Working Party’s webinar ‘Introduction to EHRs’ is live on the IFoA website.
Niall Fennelly is associate director of Data Science at United Health Group and chair of the Electronic Health Records Working Party