Is my health data safe when I do an insurance check on my phone?
How a mobile underwriting health assessment handles your data, what the law now requires, and the security signals that build applicant trust.

When an applicant holds a phone to their face for 30 seconds and a scan estimates their cardiovascular signals, a reasonable question follows almost immediately: where does that data go, and who can see it? The mobile underwriting health assessment has moved from pilot programs into mainstream life and health distribution, and with that shift comes a trust problem that carriers ignore at their peril. Consumers are not wrong to ask. The same convenience that lets someone skip a nurse visit also routes intimate physiological data through a smartphone, a network, and an insurer's underwriting stack. For product managers and underwriting leaders, the security architecture behind that flow is no longer a back-office detail. It is a conversion factor.
In 2024, healthcare data breaches affected roughly 289 million individuals in the United States, a 58 percent jump over 2023, according to breach reporting compiled by the HIPAA Journal. After a breach, 66 percent of patients lose trust in the affected organization and 75 percent say they would sever ties.
What a mobile underwriting health assessment actually collects
The phrase "health data" covers a wide range, and the distinction matters for both risk and regulation. A mobile underwriting health assessment typically captures one or more of the following: a short facial or fingertip video used to estimate signals such as heart rate or respiratory rate, self-reported answers to health questions, device metadata, and sometimes a derived risk score that the underwriting engine consumes. The raw video is usually the most sensitive element, because facial imagery can qualify as biometric data under several state laws.
Applicants tend to assume the worst: that a video of their face is stored indefinitely, sold to data brokers, or fed into systems they cannot inspect. A 2021 systematic review of mHealth privacy by Borna Jafarpour and colleagues, published in the Journal of Medical Internet Research, found that patient concern centers on three things specifically: confidentiality of what is collected, control over how long it is kept, and clarity about who it is shared with. Those three anxieties map almost perfectly to the design decisions a carrier controls.
The uncomfortable backdrop is that consumer skepticism is earned. An analysis of more than 20,000 mobile health applications found that 88 percent contained code capable of collecting user data, and only 47 percent of observed data transmissions complied with the apps' own stated privacy policies. When an applicant hesitates before a scan, they are not being irrational. They are pattern-matching against an industry that has frequently said one thing and done another.
How mobile assessment data compares to the traditional exam
It helps to compare the data footprint of a phone-based assessment against the paramedical exam it often replaces. Neither model is automatically safer. Each concentrates risk in different places.
| Dimension | Traditional paramedical exam | Mobile underwriting health assessment |
|---|---|---|
| Data collected | Blood, urine, vitals, often full medical history | Facial or fingertip video, self-report, derived signals |
| Where it is captured | Applicant's home or clinic, by a third-party examiner | Applicant's own device |
| Parties touching the data | Exam vendor, lab, courier, carrier | App provider, cloud host, carrier |
| Primary breach surface | Physical samples, lab systems, paper records | Mobile transmission, cloud storage, APIs |
| Retention transparency | Often opaque to applicant | Can be surfaced in-app at point of capture |
| Applicant visibility into process | Low | Potentially high if designed for it |
The table points to the real lesson. The mobile model does not remove risk so much as relocate it from physical samples and labs toward software, transmission, and storage. That is a surface security teams understand well and can instrument, which is part of why the model can be made trustworthy. But it only earns trust when those controls are real and visible.
Key principles that separate a defensible deployment from a liability:
- Encrypt data both in transit and at rest, not just one or the other.
- Minimize collection. If a derived signal is all underwriting needs, raw video should not persist.
- Set and disclose a retention clock, then actually delete on schedule.
- Keep applicants out of any secondary data sale or marketing use entirely.
- Make consent specific and readable rather than buried in a 40-page agreement.
Industry applications: where security becomes a trust signal
Point-of-sale reassurance
The moment an applicant is asked to scan is the moment doubt peaks. Carriers that surface a plain-language explanation at that exact step, stating what is captured, how long it is kept, and that it will not be sold, see the security message land when it matters. Treating privacy as a feature shown in context, rather than a policy linked in a footer, changes how the request feels.
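As an added illustration, not code from this article or from Circadify, the following Python sketch shows how the principles listed above and the point-of-capture notice can be driven from one set of policy constants, so the retention window the applicant is told about is the same one the sweeper enforces. Everything in it is assumed for the example: the seven-day retention window, "underwriting" as the sole permitted purpose, the record fields, and the peak-counting rate estimator that stands in for a vendor's signal model. The frame trace is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional

# Assumed policy constants. The in-app disclosure and the enforcement code both
# read these, so what the applicant is told and what the system does cannot drift.
RETENTION = timedelta(days=7)
ALLOWED_PURPOSES = frozenset({"underwriting"})  # no marketing, no resale


def estimate_rate_bpm(samples: List[float], fps: float) -> float:
    """Estimate a periodic rate from a per-frame intensity trace by counting
    local maxima above the mean. A deliberately simple stand-in for a real
    signal model; the governance around it is the point of the example."""
    if len(samples) < 3 or fps <= 0:
        raise ValueError("need at least three samples and a positive frame rate")
    mean = sum(samples) / len(samples)
    peaks = sum(
        1
        for i in range(1, len(samples) - 1)
        if samples[i] > mean and samples[i] > samples[i - 1] and samples[i] >= samples[i + 1]
    )
    duration_s = len(samples) / fps
    return peaks * 60.0 / duration_s


@dataclass(frozen=True)
class AssessmentRecord:
    """The only thing that persists. There is no field for raw imagery, so the
    store cannot retain it even by accident: minimization enforced by the schema."""
    applicant_id: str
    captured_at: datetime
    heart_rate_bpm: float
    purpose: str
    delete_after: datetime  # the disclosed retention clock, fixed at capture time


class AssessmentStore:
    def __init__(self, clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self._clock = clock  # injectable so retention can be tested without waiting
        self._records: Dict[str, AssessmentRecord] = {}

    def disclosure(self) -> str:
        """Plain-language notice shown at the scan step, generated from the policy constants."""
        return (
            "We estimate your heart rate from a short scan. The scan itself is not saved; "
            f"the estimate is kept for {RETENTION.days} days, used only for "
            f"{', '.join(sorted(ALLOWED_PURPOSES))}, and never sold."
        )

    def ingest(self, applicant_id: str, frame_trace: List[float], fps: float, purpose: str) -> AssessmentRecord:
        """Derive the signal and persist only the derived record with its deletion deadline."""
        if purpose not in ALLOWED_PURPOSES:
            raise PermissionError(f"consent purpose {purpose!r} is not permitted")
        now = self._clock()
        record = AssessmentRecord(
            applicant_id=applicant_id,
            captured_at=now,
            heart_rate_bpm=estimate_rate_bpm(frame_trace, fps),
            purpose=purpose,
            delete_after=now + RETENTION,
        )
        self._records[applicant_id] = record
        return record  # frame_trace is never written anywhere; it goes out of scope here

    def get(self, applicant_id: str, purpose: str) -> Optional[AssessmentRecord]:
        """Purpose-limited read: refuses disallowed purposes and hides expired records
        even if the sweeper has not run yet."""
        if purpose not in ALLOWED_PURPOSES:
            raise PermissionError(f"access for purpose {purpose!r} is not permitted")
        rec = self._records.get(applicant_id)
        if rec is None or rec.delete_after <= self._clock():
            return None
        return rec

    def purge_expired(self) -> int:
        """Scheduled sweeper: delete every record whose retention clock has run out."""
        now = self._clock()
        expired = [k for k, r in self._records.items() if r.delete_after <= now]
        for k in expired:
            del self._records[k]
        return len(expired)


def constructed_trace() -> List[float]:
    """Constructed 10-second, 30 fps intensity trace with one pulse every 25 frames (72 bpm)."""
    return [1.0 if i % 25 == 12 else 0.0 for i in range(300)]


def demo() -> dict:
    """Walk one record from capture to deletion under a controlled clock."""
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)
    now = [t0]
    store = AssessmentStore(clock=lambda: now[0])
    rec = store.ingest("applicant-001", constructed_trace(), fps=30.0, purpose="underwriting")
    visible_before = store.get("applicant-001", "underwriting") is not None
    now[0] = t0 + RETENTION  # advance the clock to the disclosed deadline
    visible_after = store.get("applicant-001", "underwriting") is not None
    purged = store.purge_expired()
    return {"bpm": rec.heart_rate_bpm, "visible_before": visible_before,
            "visible_after": visible_after, "purged": purged}
```

The design choice worth copying is that the notice text is computed from `RETENTION` and `ALLOWED_PURPOSES` rather than typed into a policy document, and that the read path checks the deadline itself instead of trusting that the purge job ran on time.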
Underwriting and data governance
For underwriting VPs, the question is not only consumer trust but regulatory exposure. The NAIC Insurance Data Security Model Law, Model #668, requires insurers to maintain a written information security program, investigate cybersecurity events, and notify regulators of breaches. More than 20 states have adopted versions of it. A mobile assessment vendor that cannot map cleanly to those obligations becomes the carrier's compliance problem, not just its own.
Vendor and API risk management
Mobile health apps have repeatedly leaked sensitive data through poorly secured APIs rather than through the app interface itself. For insurtechs building or buying assessment technology, API security, penetration testing, and third-party audit reporting (such as SOC 2) are the difference between a defensible architecture and an incident waiting to be disclosed.
Current research and evidence
The regulatory picture sharpened considerably in 2024. The Federal Trade Commission's amended Health Breach Notification Rule, effective July 29, 2024, extended breach notification duties to health apps and platforms that fall outside HIPAA, closing a gap that many consumer health tools had quietly occupied. Under the Gramm-Leach-Bliley Act, the FTC's updated Safeguards Rule took effect May 13, 2024, requiring covered financial institutions to report breaches involving unencrypted customer data affecting 500 or more individuals within 30 days. Encryption stopped being a best practice and became, in effect, a reporting trigger.
State law moved in parallel. Washington's My Health My Data Act, effective March 31, 2024, treats consumer health data, including biometric identifiers, as a protected category with consent and deletion requirements that reach well beyond traditional HIPAA-covered entities. Proposed amendments to the HIPAA Security Rule, published late in 2024, would make currently "addressable" specifications mandatory, including encryption of electronic protected health information at rest and in transit.
The consumer-trust research is just as instructive. Work summarized by the University of Pennsylvania's Leonard Davis Institute found that consumers extend markedly less trust to technology companies handling health data than to their own clinicians, and that trust is contingent on perceived control. The signal for carriers is clear: applicants do not extend trust by default to a phone-based process. It has to be built, demonstrated, and re-earned at the point of capture.
The future of mobile underwriting health assessment security
Three shifts are likely to define the next few years. First, on-device processing will expand. The more a scan can be analyzed locally so that only a derived score, not raw imagery, ever leaves the phone, the smaller the breach surface becomes and the easier the privacy story is to tell. Second, retention will tighten. As deletion mandates spread across state lines, indefinite storage will become a liability rather than an asset, and short, disclosed retention windows will become a competitive differentiator. Third, transparency will become a product surface. Expect applicant-facing dashboards that show what was collected and offer one-tap deletion, turning a compliance obligation into a trust feature.
The carriers that win this space will treat security architecture as part of the applicant experience rather than a separate concern owned by legal. A mobile underwriting health assessment can be more private than the exam it replaces, because software controls are auditable in ways that a courier carrying a blood sample never was. But that outcome is a design choice, not a given.
Frequently asked questions
Is a phone-based insurance health scan safe?
It can be, and in some respects safer than a traditional exam, because the data flow is digital and auditable. Safety depends on specific controls: encryption in transit and at rest, data minimization, disclosed retention limits, and a firm prohibition on selling the data. Ask the carrier or vendor to state those plainly. A provider that cannot answer clearly is the warning sign, not the technology itself.
Is my facial scan video stored forever?
It should not be. Well-designed systems extract the signals underwriting needs and then delete raw imagery on a disclosed schedule, sometimes within minutes or days. Under laws such as Washington's My Health My Data Act, biometric data carries consent and deletion obligations. If a process does not tell you its retention window, that absence is itself meaningful information.
Can my health data from a mobile assessment be sold?
Reputable insurance assessment programs do not sell applicant health data, and selling it would trigger serious regulatory exposure under state health-privacy and insurance data-security laws. The risk historically came from consumer wellness apps operating outside HIPAA, a gap the FTC's 2024 Health Breach Notification Rule amendment was written to address.
What regulations protect my data during a mobile underwriting health assessment?
Several overlap: the NAIC Insurance Data Security Model Law adopted by most states, the GLBA Safeguards Rule, HIPAA where it applies, the FTC Health Breach Notification Rule, and state laws like Washington's My Health My Data Act covering biometric and consumer health data. Together they require security programs, encryption, breach notification, and limits on use.
Circadify is building in this space with a self-scan model designed to keep the data footprint small and the security story legible to applicants and underwriters alike. Carriers and insurtechs evaluating how to deploy a mobile underwriting health assessment without inheriting a trust problem can review product demos and integration guides at circadify.com/industries/payers-insurance.
