A recent case in the consumer court involving a Silvassa-based Digit Insurance policyholder’s rejected health claim has triggered questions around the extent of digital access that insurers can gain into their customers’ private data.
The policyholder, Vallabh Motka, was covered under a Rs 6.5-lakh health insurance policy and had to be admitted to a private hospital in Valsad in September 2024. Subsequently, he filed a reimbursement claim of Rs 48,215, which was rejected. One of the grounds for rejection, according to his complaint filed with the Consumer Dispute Redressal forum, was that the hospital stay did not show up in his mobile phone’s Google location history.
Consumer forum’s ruling in favour of the policyholder
The consumer forum ruled in the policyholder’s favour and directed the insurance company to pay up the claim as also compensation for the mental harassment caused. Investigators hired by insurers mislead patients and gain access to their phones to view their Google location history, Motka’s lawyer said, as per a Times of India report. “This is illegal, as insurers do not have the authority to check a person’s private details. It’s also possible that the patient had their location settings turned off or faced network issues,” he said.
On its part, the company termed the reports suggesting that the claim was rejected solely due to the mismatch in Google timeline inaccurate. “We wish to clarify that, following an initial review, which indicated discrepancies in the submitted documents and a break in hospitalisation, the company initiated an investigation conducted by an empanelled agency. The findings revealed multiple inconsistencies, including patient’s presence for the entire hospital duration, discrepancies in the submitted bills and hospital records, inflated and inconsistent treatment details,” Digit's official statement said, adding that access to Google timeline was obtained with due consent and these factors collectively led to the claim repudiation.
“The forum, while relying on a doctor’s certificate provided by the complainant at a later stage, concluded that the company’s submissions did not constitute a sustainable defence and ruled in favour of the complainant,” the company told Moneycontrol, and indicated that it will proceed with further steps after receiving a certified copy of the order.
While the order could go into appeal, it is imperative to understand the steps that you can take at your end to protect your privacy while sharing data with financial institutions.
Also read: Faced with health insurance premium hikes and claim disputes? Here’s what policyholders can do
The legal position
What is clear is that insurers cannot gain access to your private data without your explicit consent. According to Accord Juris managing partner Alay Razvi, under the present laws or IRDAI rules, insurers cannot demand Google location tracking data at the time of claim settlement. “Digital Personal Data Protection Act, 2023 categorises location as sensitive personal data and requires prior consent, limited use, and safeguards. IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 prohibit collecting or processing personal data without notice and consent,” points out Razvi. Moreover, IRDAI’s health insurance regulations, 2016 do not provide any scope for using GPS or mobile tracking in claim assessment, he adds.
IRDAI’s Protection of Policyholders’ Interests, Operations and Allied Matters of Insurers) Regulations, 2024 has laid out norms to be followed by insurers while handling customers’ sensitive data. “Regulation 15 of the 2024 framework requires insurers to protect policyholder data in line with the Digital Personal Data Protection Act, 2023 and the IT Rules, 2011. It mandates explicit consent before data can be used or shared and prohibits default clauses that force policyholders into giving up their rights. This means insurers cannot rely on location history to decide claims unless it is clearly provided for in the policy terms and the policyholder has given informed consent. Otherwise, such practices may breach both IRDAI regulations and data protection laws, and be open to legal challenge,” says Kunal Sharma, founder and managing partner, Taraksh Lawyers and Consultants.
To be sure, they can access some data and documents, subject to certain stringent provisions. “Insurers may, subject to specific consent and regulatory safeguards, access certain digital records to evaluate risk or verify claims. These may include hospital records, electronic health reports, diagnostic results, wearable health device data, telematics data, pharmacy purchase histories, and identity authentication through e-KYC,” says Sharma. However, they ought to comply with the DPDP Act and applicable IRDAI regulations, besides disclosing the purpose to the policyholders at the time of data collection. “Any overreach or unauthorised use of digital data can attract penalties and undermine the insurer’s duty of good faith and fair dealing,” says Sharma.
Also read: Health insurance claim rejected? Approach the insurance ombudsman for complaint resolution
Aggrieved customers must escalate complaints
According to Shilpa Arora, co-founder and chief operating officer, Insurance Samadhan, a firm that helps policyholders resolve their grievances, insurers can typically use your location-related data only when it is relevant for your claim – for instance, accident site verification and with your consent, especially when mobile apps or telematics devices are involved. “At the time of hospitalisation there is no mandate that the patient has to carry the mobile phone and we can't expect that the policyholder will be able to carry it in an emergency situation. These are common practices being seen where claim is rejected basis google timelines, but these claims are payable once a grievance is raised,” she says.
At your end, if you feel your claim has been rejected unfairly, you ought to first escalate the matter to your insurers’ grievance redressal officers. If they fail to resolve your grievances, you can approach the insurance ombudsman offices or the consumer courts.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
