Legal and ethical constraints in the use of Artificial Intelligence (AI) by Swiss health insurance companies

(1)

Legal and ethical constraints in the use of

Artificial Intelligence (AI) by Swiss health

insurance companies

Bachelor Project submitted for the degree of

Bachelor of Science HES in International Business Management by

Kerim TRUNIGER

Bachelor Project Mentor:

Christophe COURBAGE, Professor

Geneva, 21st August 2020

Haute école de gestion de Genève (HEG-GE) International Business Management

(2)

Disclaimer

This report is submitted as part of the final examination requirements of the Haute école de gestion de Genève, for the Bachelor of Science HES-SO in International Business Management. The use of any conclusions or recommendations made in or based upon this report, with no prejudice to their value, engages the responsibility neither of the author, nor the author’s mentor, nor the jury members nor the HEG or any of its employees.

(3)

Acknowledgements

This project has been completed with the support of various persons. I, therefore, wish to thank them for their assistance and encouragement.

First, I would like to thank my mentor, Mr. Christophe COURBAGE, for his helpful supervision, guidance, and advices throughout the entire preparation of this work and for providing me with helpful sources and contacts.

Then I am also grateful to Ms. FLUECKIGER, Director New Technologies & Data at the Geneva Association, Mr. IRIA, Head of Digital Transformation at La Mobilière and to the three other persons working in the insurance field for accepting to provide me with interesting and helpful answers to my interviews.

Finally, I also would like to thank Mr. KOCH, the Innovation Scout Outpost Silicon Valley and the current Head of services, Underwriting and Legal Department at La Mobilière for the discussions we had and for putting me into contact with various people of the insurance industry, and Ms. MORALES, legal counsel at Barclays for her guidance throughout the legal framework of this project.

(4)

Executive Summary

Experts in new technologies and economists seem to agree: robotics and deep learning by machines will change most of the economic activities in the coming decades, at a very fast pace. If in the past, technological changes mainly brought about gradual increases of efficiency in human work; robotics and the availability of big data, used with Artificial Intelligence (AI) will bring about exponential change to the working world of humanity, in the very near future. It seems almost impossible to predict with certainty what the social, economic, and psychological effect on humankind will be. Simply learning from the experience of past technological evolutions is not enough. Many experts foresee more of a disruption rather than a further, gradual development. Among various other economic actors, health insurance companies may find many benefits by introducing and developing digital technologies such as AI. However, they must consider different limits and risks, which can restrain them in the development of AI. One of those limitations is the complex legal framework that regulates data use and protection, particularly when the available massive data and sources include the personal data of individuals. Furthermore, in order to preserve their trustworthiness and reputation, they must comply with ethical boundaries to retain their current customers and acquire new ones.

Only then will health insurance companies be able to take full advantage of the benefits of these new technologies and obtain valuable return for their sizeable investments in such new tools.

This research has the ambition to produce recommendations to Swiss health insurance companies on how to best achieve balanced, profitable returns through the gradual development and use of AI, within the legal and ethical limits. It further considers the important hurdles and barriers which the introduction and expansion of such new technologies will meet, both internally, with their customers and in the large public, and provide some recommendations which need to be taken into account in the change management process.

A thorough background study and examination of empirical data obtained from insurance experts and staff will provide a solid basis to formulate some main recommendations in how to deal with the trust of customers, the education of the staff, with legal and ethical limits and the necessary required adjustment of governance processes.

(5)

1. Introduction

From the 1990s onward, computer technology has transformed our world more than any other force. Despite its massive impact, most politicians seem hardly able to comprehend this innovation and are even less capable of controlling it. The repercussions of this confusion for our political processes are disturbing. Just imagine a future where governments must patiently wait for algorithms to give them the green light on their budget or their tax-reform plans. Unfortunately, for many twenty-first-century politicians, technological disruption is not at the top of the agenda. Ordinary people across the world are feeling more and more irrelevant in this brave new world of artificial intelligence, globalization, and machine learning. And this fear of becoming irrelevant has made them desperate to wield whatever political power they still have before it becomes too late. Throughout the twentieth century, common workers have worried about their labor being exploited by economic elites. But these days, the masses are more afraid of losing their economic status in a high-tech economy that no longer needs their labor at all. Although most experts agree that robotics and machine learning will change nearly all lines of work in the coming decades, we cannot predict how this change will look like. Will billions of people find themselves economically irrelevant within the next twenty years, or will automation result in wider prosperity and great new jobs for all? Many optimists point at the industrial revolution in the nineteenth century, a time when the fear that new machine technology would create mass unemployment was widespread. Since the start of that industrial revolution, it was pointed out that the development of new technologies has created a new job for each one it made obsolete. Unfortunately, there are good reasons to assume that, in the twenty-first century, the impact of new technology on human employment will be much more destructive. Just consider the fact that humans are possessed of two sorts of abilities – cognitive and physical. In the previous industrial revolution, humans experienced competition from machines largely in the realm of purely physical abilities. Our cognitive abilities, meanwhile, remained far superior to machines. Therefore, even as automation occurred in manual jobs within industry and agriculture, there concurrently emerged new jobs that required the sort of cognitive skills particular to humans – such as analysis, communication, and learning. But in this century, machines are getting smart enough to compete for these cognitive-based jobs, too. Recently, neuroscientists have discovered that many of our choices, preferences and emotions are not the result of some magical human faculty, such as free will. Instead, human cognition comes from our brain’s ability to calculate different probabilities in the space of a split second. These neuroscientific insights raise a troubling question: Will

(8)

artificial intelligence eventually outperform people in professions requiring “human intuition,” such as law and banking? It is highly probable. Computer scientists now know that what looked like impenetrable human intuition was just our neural networks recognizing familiar patterns and making fast calculations about probabilities. Therefore, in the twenty-first century, computers might be able to make banking decisions about whether to lend a customer money, as well as accurately predict whether a lawyer in a court case is bluffing or not. In other words, in the years ahead, even the most cognitively demanding jobs may not be safe from automation. (Harari 2018)

AI is growing nowadays exponentially and will soon be used in many areas of our society such as insurance, healthcare, legal, marketing and advertising and security. Hundreds of millions are being invested into AI and an increasing number of insurance companies are starting to introduce it into their daily activities. Key players of the IT industry and their implementing partners such as the big four and others, are currently massively promoting this technology and have published numerous reports and project findings about its implementation in the next decade. Insurers on their part realize that they could benefit considerably from this new technology, which could help in reducing costs, speeding up processes and thereby gaining time and efficiency, detecting fraud, and reducing health costs. However, they also realize the limitations of these technologies. The further artificial intelligence will be enhanced, the more it will hit legal and ethical constraints that may affect the development of this technology, particularly in the health insurance sector. (Michael 2019)

The use of AI technology requires important amounts of data. Health insurance companies gather huge quantities of publicly available and private information about their customers. They, therefore, have a high responsibility regarding the security of data and protection of its privacy.

In addition to the traditional information stemming from questions asked to the insured, insurance companies are now getting further data through the appearance of two new sources: The first one is continuously generating information through our online activities such as private information published on social media platforms, personal online shopping habits gathered through e-commerce; the second one is data developed through our private search behaviors and searching activities. (Keller, Eling, Schmeiser, Christen, Loi 2018) (Michael 2019)

Insurers must therefore be fully transparent concerning their use of data and be compliant with the data protection specifications in order to be able to keep their

(9)

customers and their trust. (Schmidt 2018) AI will have many positive impacts, but it will also bring about important risks and challenges. (Nakonz 2019)

This study investigates the use of AI in the health insurance sector in Switzerland with a particular focus on its potential and limits in the relationship with the insured.

Digital transformation and the current technological growth are bringing up many debates. The question treated in this thesis is the following: What will be the impact of the use of AI on Swiss health insurance market and what are the legal and ethical limits of its use?

The main objectives of this research are therefore: to assess the general impact of the application of AI enhanced computer programs on Swiss health insurance companies; to determine the present and future legal and ethical limits of such developments, with the purpose of providing a list of recommendations for Swiss health insurance providers on how to best implement and develop AI into their processes. The first part of this study presents the general background and information regarding the current sources, researches, articles, and literature found about this subject. The analysis will then describe how the different interviews have been conducted and will synthetize the various answers. These will then be discussed, and finally, the report will end with some recommendations for health insurance companies based on the findings with a general conclusion.

2. Background

2.1 What is Artificial Intelligence?

Providing a plain definition of Artificial Intelligence is not simple since the scope is wide and various viewpoints are the result of many different definitions. (Dignum 2019) Consequently, the following definition has been established based on multiple sources: AI is the ability for computer systems to learn over time from past data and algorithms, improve themselves and adapt to new data and therefore achieve tasks that usually require human know-how and intelligence. (Shaw 2018) (Panchal 2019) (Shroff 2019) (Copeland 2019)

Various other definitions are provided in the book ‘Responsible Artificial Intelligence’ from Ms. Dignum:

“One of the simplest deﬁnitions of an intelligent system is that of a system that ‘processes

(10)

Another common deﬁnition explains AI as a computational artefact built through human intervention that thinks or acts like humans, or how we expect humans to think or act.

This is the definition put forth by McCarthy, Minsky, Rochester and Shannon in the classic ‘Proposal for the Dartmouth Summer Research Project on Artificial Intelligence’, the founding document that established the field of AI in 1955: “For the present purpose, the artificial intelligence problem is taken to be that of making a machine behave in ways that would be called intelligent if a human were so behaving.”” (Dignum 2019)

Simple pieces of information may have little value alone, but when combined with others they can tell much more. This is also true for datasets: often, their value becomes apparent only when combined with other datasets. Trends can then be found in the newly combined data that were not discoverable from the individual datasets alone. (Mayer-Schönberger, Cukier 2013) For instance, a US traffic-analysis company called Inrix, gathers real-time location data from cars, commercial fleets, and road sensors through their smartphone app. Each one of these datasets is not of much use individually, but by combining them, Inrix can create timely data on traffic flows and jams for its customers, in return for a fee for their services. Moreover, any competent IT person can also make the datasets show what s/he wants to, by taking into account some parameters and not others. (INRIX 2020)

2.2 AI in Swiss health insurance companies today

The compulsory health insurance in Switzerland is based on the Law on Medical Insurance, “Loi sur l’Assurance Maladie” (LAMal) where the insurance benefit is defined by the government, the “Office federal de la santé” (OFSP). On the other hand, the complementary health insurance is regulated by the Insurance Contracts Act, “Loi sur le contrat d’assurance” (LCA). In comparison to many other insurance fields, the Swiss health insurance sector is highly regulated, closed and protected. For instance, both in the basic and complementary medical cover, insured can chose their insurer only among those insurance companies which are accredited in the Swiss market. The principle of solidarity for the basic part of the cover is intrenched in the relevant laws, norms and rules, and loss adjustment is regulated to the most detailed level. This report will provide information related to the use of AI with a focus on complementary Swiss health insurances since its market is more liberal than for the basic cover.1 (TheSwissauthoritiesonline 2020)

1_{Interview with Isabelle Flueckiger, Director New Technologies & Data at the Geneva}

(11)

Digital technologies such as Big Data analytics, Artificial Intelligence, and the Internet of Things are, nowadays, increasingly used by many important actors of our society. The Swiss health insurance industry is benefiting from new data sources that become available from such technological advances. The development of Artificial Intelligence in the health insurance industry is triggering important changes in the type of risks covered by the insurers and the way they underwrite, conduct, and manage claims. The large amount of personal data available is also changing the relationship between the insurance and the customers, as insurances tend to become even more client focused through this new technology. The use of such technological advances has the ability to produce important economic and societal advantages. However, it also leads to challenges, risks and potential costs to the insurance industry, the insured and to the overall society. (Schmidt 2018)

Using such technologies requires the sharing of huge quantities of personal data and it therefore creates important tradeoffs, both for the insurer and the insured. Thus, it is crucial for the health insurance industry to find the right balance between respecting privacy when using personal data and permitting new technologies and innovation. Indeed, not having concrete measures related to privacy protection may negatively affect the insured and result in mistrust, while, having excessive limitations could prevent society from taking advantage of the benefits resulting from technological advances and data sharing. (Keller, Eling, Schmeiser, Christen, Loi 2018)

In Switzerland, there are various initiatives related to Artificial Intelligence that aim at enhancing the use this technology. The ‘Swiss Alliance for Data-Intensive Services’ is an initiative in which the group of experts “DataEthics” develop an ‘Ethical Codex for

Data-Based Value Creation’ that aims to strengthen trust in the use of AI. Another

initiative, called ‘SwissCognitive’, was launched by various industrial companies and by the service sector that are entirely committed to AI. It is used as an exchange and networking platform. Another initiative called ‘Digitalswitzerland’ aims to strengthen Switzerland’s position as a leading innovation hub. And last, ‘Industrie 2025’ is a Swiss AI-initiative that informs, raises awareness, and assists relevant stakeholders with analyses and advices about the Industry 4.02_{. There are also various further specialized} groups and associations dedicated to research in digital technologies such as AI. (SEFRI 2019)

2_{Industry 4.0 relates to a new era in the Industrial Revolution that centers around}

(12)

2.1.1 Opportunities in the use of AI

The use of technological advances such as Artificial Intelligence by Swiss health insurance companies is providing many advantages and benefits in several different sectors. Thanks to the automation of the insurance procedures, underwriting is being improved, becoming smoother and more efficient. Indeed, classic underwriting methods do distinguish and select the different risks, but requires a lot of time, and creates high administrative costs. With the new availability of data and sources, their faster assessment and the current technological advances that enable a timely and efficient data analysis, the underwriting processes length is reduced. The risk assessments are faster, risk selection is improved and thus, allow more personalized rates. While, insurance policies are often considered too expensive, this technology can produce personalized tariffs according to the client’s parameters such as their lifestyle, financial stability, illnesses and more. (Schmidt 2018) (Michael 2019)

Machine intelligence can analyze, identify, and extract information from various documents and pictures. This “computer vision” enables the insurance company to automate daily tasks that usually require manual human know-how and intelligence such as extracting information from written documentation and pictures when underwriting or processing claims. In underwriting, “computer vision” is utilized to check and approve the information and documents provided by the client. It can, therefore, ensure an adequate coverage rate and assist in the identification, prevention, and mitigation of insurance fraud. Indeed, fraudsters tend to pursue similar patterns that can easily be spotted by AI in a very short time span. “Computer vision” is also used in the processing and inspection of claims to verify and authenticate the pictures and to retrieve data from documents provided by the client. This enables an efficient classification of claims and automatization of their related processes. Therefore, it speeds the procedures and correspondingly reduces the risk of human error in the different processes of insurance. For instance, an insurance company uses deep machine learning in its process of recognizing the type of document and extracting information from different medical records such as prescriptions, receipts, and other medical documents. The engine (algorithm) extracts detailed information from medical bills such as the sum, billing number, dates, fiscal identification and determines the medical care and examination. It then, in a matter of seconds, pairs the data collected with the corresponding policy coverage to the insured. Furthermore, AI is very useful to health insurance companies as it can partially replace manual tasks that usually require important amounts of workforce and time. For instance, the development of human language technology

(13)

enables machine intelligence to speak and communicate with human customers through conversational agents such as chatbots. These online chats are operating 24/7 and can recognize and answer to sophisticated client requests concerning health insurance. They, therefore, enable an improved customer satisfaction and allow the insurer to be more efficient and performant by handling significant amount of client inquires. Chatbots, can have various functions such as, providing customers with the needed information, guiding customers through insurance-based processes such as the submission of a claim and can even execute and handle a commercial transaction. (Keller 2020)

Machine learning systems are proficient in identifying patterns and relationships among sophisticated sets of data in manners that would be extremely complex or even inconceivable for human beings. The detected patterns are used as ground in the analytical processes, more specifically in essential tasks for the insurance industry such as classifying, clustering or in the regression analysis. AI can generate very precise predictions since it is able to assimilate complicated nonlinear correlations between large sets of variables. The predictions provided by intelligent systems are, therefore, much more accurate than those resulting from standard modelling methods which often are based on linear models commonly used in insurances. Nowadays, this ability of AI is, therefore, being used to assist human decision-making. For instance, by using AI as an assistant, insurance salespersons can provide customer services that are much more personalized. This increased personalization of the customer services is possible thanks to the better understanding of the customer’s information such as their interactions, products, claims and location data. The salespersons are then provided with suggestions and opportunities to sell new or supplementary products and services to the existing customers, although, the sales agents retain the decision to advise customers with particular product offerings. These types of applications have shown great effectiveness in the improvement of the insurance sales channel. (Keller 2020)

The promising benefits of using AI goes further than enhancing the insurance industry and the insured. As an example, the use of AI can encourage the extension of the insurance coverage to groups of customers such as recent and formerly underinsured or uninsured individuals. It can also help in the expansion of the scope of risks that can be covered, thus, enabling the enlargement of the range of risk pooling, which is one of the essential socio-economic function of insurances. The cost of risk pooling can also be

(14)

reduced through the automation of particular tasks, the increased precision in the assessments of risks and the reduction of adverse selection3 and moral hazard.4 Moreover, using AI could bring innovative risk understandings that may lead to a better mitigation and prevention of risks. Risk reduction can be enhanced through an improved alignment of premiums and risks. AI technology can help us consider every and all factor or specific/smaller datasets to model further/possible needs. Furthermore, enhanced data would help to establish developed risk management and early warning procedures enabling timely actions, thus, reducing losses. Hence, employing Artificial Intelligence could encourage the extension of the primary role of insurance which is pure risk protection, shifting it to prediction and prevention of risks by developing real time models with different scenarios specific to each individual. (Keller 2020)

2.1.2 Risks in the use of AI

Artificial Intelligence learns over time and is based on transaction of significant amounts of data. Their ability to learn, therefore, depends on the quality of the data which they use. This is risky because if there are any biased features in the data, the machine will learn them and will therefore be biased itself. (Keller 2020) As an example, in 2016, Microsoft published on Twitter a new chatbot called “Tay”. This chatbot assimilated the language used by the users of the social network and within a few hours after being released, “Tay” started to post racist and sexist statements. (Schwartz 2019)

Intelligent systems are very complex and challenging to understand. It is therefore very complicated to figure out and explain why and how a system obtained a result or took a specific decision. Moreover, similar to human beings, they can make mistakes, even if the data used does not include any biased features and one error/fake trend could lead to catastrophic forecasting. (Keller 2020)

Additional risks related to the storage, use and processing of personal information include the potential to being hacked or criminally abused, the risk of misuse of private data resulting from illegal operations or through unintentional transmission of data. (Keller, Eling, Schmeiser, Christen, Loi 2018) The huge amount of data gathered for

3_{Adverse selection arises when the insured has more information about its risks than the insurer.}

In this case, high-risk persons purchase insurance whilst low-risk persons do not. As a result, insurance companies raise premiums and limit coverage.

4_{Moral hazard arises when the insureds have an increased risk exposure because they know}

(15)

enabling an efficient functioning of AI carries a risk of setting the basis for surveillance regimes. Data security is very expensive as it requires focused attention and needs to be continuously updated by specialists. (Nakonz 2019)

Further concerns arise from the risk of having well-established technological corporations, such as Google, that might connect to the insurance industry and take advantage of its monopolistic access to person-related information to obtain uneven amounts of profits. This would result in having the insurance industry discriminated and would dump its competitiveness. (Schmidt 2018)

As our ability to gather and asses data has developed, we have increasingly tried to use data to improve many aspects of life. However, this ability does come with certain potential threats. Being excessively data-driven can be problematic because we run the risk of allowing data that is biased to influence our actions. The profusion of detail and insight provided by big data creates a risk where the society could lose perspective and become so fixated on data that it would neglect its limitations or fail to ensure its quality. This would enable the data to govern in manners that could be more harmful than beneficial. (Mayer-Schönberger, Cukier 2013)

A relevant example that highlights one issue about data quality is provided by a Geneva based organization called “Women at the Table”:

“20th century drug trials, the design of safety features in cars, medical treatments, the

work equipment we wear, to name a few examples, are based on data that uses the default of a “standardized male”, a default of flawed systems and cultural standards that currently form the physical framework and infrastructure of how we live and work. These defaults are so normalized we don’t even notice them, yet they have proven to harm and lead to dangerously wrong consequences.” (Kraft-Buchman, Arian 2019)

The digital field is exploding with new and ever-growing technologies that are leading and have led to a very quick increase in the volume of data available. Data is nowadays considered as a new precious resource and is part of our new future. Yet, society should be cautious and avoid becoming excessively data-driven since it could be risky. It might be basing itself on biased data and, therefore, relying on inaccurate results. Note further that big data only takes into consideration past events. (Mayer-Schönberger, Cukier 2013)

(16)

2.1.3 Legal limits

The use of AI as technology in Switzerland is not subject to any law or regulation. However, in order to learn and operate correctly, such technology requires large quantities of data. Swiss health insurance companies are, therefore, required to be compliant with the regulations and laws related to the protection of data, when using private information for their intelligent systems. (Gordon, Gurovits 2020)

Private customer information or personal data is defined by the Swiss Medical Network as: “any information relating to an identified or identifiable natural person, such as a

name, an identification number, location data, an online identifier, date and place of birth, professional information or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

(SwissMedicalNetwork 2020)

In the basic health insurance, customers have the right to access and view their own personal data obtained by the insurance company according to Art.47 of the Federal law on the general part of social insurance law. (LPGA 2019) Customers have the same rights in the complementary health insurance according to Art.8 of the Federal Act on Data Protection (FADP)5_{and according to Art.15 of the General Data Protection} Regulation. (GDPR Art.15 2019)

Swiss health insurance companies must be compliant with two different data protection laws. The first and main data protection legislation is the Federal Act on Data

Protection (FADP) issued by the Federal Assembly of the Swiss Confederation in 1992. This law derives from Art. 13 of the Federal Constitution that states:

“1 Every person has the right to privacy in their private and family life and in their home,

and in relation to their mail and telecommunications.

2 Every person has the right to be protected against the misuse of their personal data.”

(CC 101 Federal Constitution of 18 April 1999 of the Swiss Confederation 2020)

The FADP is only binding in Switzerland for either private entities or federal institutions that process the data of natural or legal persons. It aims to safeguard the fundamental rights and privacy of individuals when their personal information is processed.5 According to Art.3 e, the processing of data means: “any operation with personal data,

(17)

irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data”. (FADP art. 3e) The

Ordinance on Data Protection Certification6_{and the Ordinance to the Federal Act Data} Protection7_{are two complementary standards and regulations to the FADP. The} processing of the individual’s personal information is further subject to rules and laws at a cantonal and municipal level. (Commissioner (FDPIC) 2015a) The Federal Data Protection and Information Commissioner (FDPIC) is the competent body that is responsible for the supervision of the processing of private data by federal entities, corporations, and private individuals. The supervision of data processing at a cantonal or communal level is up to their own data protection agent. (Commissioner (FDPIC) 2015b)

Artificial Intelligence and Big data are directly linked. AI requires large quantities of data to learn over time and operate accurately. Big data methods employ AI for the extraction of value from major data records. However, AI and Big data were not considered when the Swiss laws on data protection were established. The FADP applies only when private data is processed and does not apply on computerized geographical data or anonymized data (where no relationship to an individual can be determined). Nevertheless, Big data incorporates massive volumes of data and, therefore, makes it easier to identify individuals. The Swiss laws on data protection may therefore be applied, although, the data processed has been anonymized at a certain moment. Once the FADP applies, the processing of data must comply with the principles stated in art.4 of the FADP on the processing of data which are the following:

“1 Personal data may only be processed lawfully.

2 Its processing must be carried out in good faith and must be proportionate.

3 Personal data may only be processed for the purpose indicated at the time of collection, that is evident from the circumstances, or that is provided for by law.

4 The collection of personal data and in particular the purpose of its processing must be evident to the data subject.

6_{(CC 235.13 Ordinance of 28 September 2007 on Data Protection Certification (DPCO) 2016)} 7_{(CC 235.11 Ordinance of 14 June 1993 to the Federal Act on Data Protection (OFADP) 2012)}

(18)

5 If the consent of the data subject is required for the processing of personal data, such consent is valid only if given voluntarily on the provision of adequate information. Additionally, consent must be given expressly in the case of processing of sensitive personal data or personality profiles.”

(CC 235.1 Federal Act of 19 June 1992 on Data Protection (FADP) 2019) (Gordon, Gurovits 2020)

The FADP has been revised and a new draft has been presented by the Swiss Federal Council in September 2017. The revision has been drafted based on the General Data Protection Regulation (GDPR) of the EU and is scheduled to be finalized at the end of the year 2020. The main purpose of this revision is to align Swiss law on data protection with the regulations of the European Union. (Wellens 2020) The revision is done to increase the Swiss degree of data protection and to bring it up to the level of the GDPR in order for Switzerland to still be accepted as a third country and thereby keep the ability to exchange data with countries of the European Union. (Tischhauser, Georgieva 2019) It will incorporate the ongoing technological developments and reinforce the protection of private data for natural individuals. The main differences that are included in the revised FADP are that the regulations only apply to natural persons and no longer to legal persons. It also states clear penalties. An intentional violation of the regulations from an individual would result in a fine up to 250’000 CHF. Moreover, new types of data such as biometric and genetic data have been added and now fall under the regulations. (PricewaterhouseCoopers 2020)

The second law with which certain Swiss companies must comply is the General Data Protection Regulation (GDPR). It is the European Union law that sets regulations for the gathering and processing of personal data from persons living in the EU. It was introduced in May 2018 and applies to any Swiss companies that process personal data if the company has an office located in the EU, whether a subsidiary or a local agency acting for account of the Swiss holding corporation and processing personal data. It also applies to Swiss corporations that are not settled or have a branch in the European Union. For instance, if the company proposes online goods and services to a neighboring EU country such as France, it would have EU customers and, therefore, the ability to examine behavior patterns of EU individuals through website cookies. The Swiss companies that fall under GDPR regulations without having an office located in the EU are required to nominate a regional representative in the concerned countries.8 In certain

(19)

circumstances, companies also need to nominate a data protection officer (DPO)9_. Corporations that fall under GDPR must comply with multiple standards and regulations. (European General Data Protection Regulation GDPR 2019)

As with the FADP, the GDPR has in Art.5, a set of principles10 to respect regarding the protection of data when processed. The six main principles are the following:

“1. Personal data shall be:

(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

(c) adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

(e) kept in a form which permits identification of data subjects for no longer than what is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against

9_{See Art. 31 GDPR}_{https://gdpr-info.eu/art-31-gdpr/} 10_{See Art. 5 GDPR}_{https://gdpr-info.eu/art-5-gdpr/}

(20)

accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

2. The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”(GDPR Art.5 2019)

Clear penalties are also stated in case of noncompliance with the GDPR. A noncompliant company could be imposed penalties of up to 20 million Euro or up to four percent of the company’s general annual revenue. Moreover, if companies do not comply with the appropriate law or the law on the protection of data in their contracts, they may endure contractual sanctions, early ending of contracts, compensations for damages and the deprivation of their rights. (European General Data Protection Regulation GDPR 2019) Under GDPR, companies in the healthcare industry are subject to further regulations due to their processing of particular private information such as biometrical and genetical data and data related to health.11_{(Tischhauser, Georgieva 2019) In addition to the} challenges that FADP and the GDPR could create, a new legislation called ePrivacy Regulation (ePR) that aims to complete the GDPR is still under discussion in Europe and is expected to come into force within a few years. This regulation is similar to the GDPR but is centered on the protection of e-communications and has a wider range since it is also protecting legal entities. It has the same fines as the GDPR in case of noncompliance and is expected to impact the digital plans of action for companies since it adds another level of provisions to the GDPR. As with the GDPR, the ePR is expected to apply to Swiss corporations. (Tischhauser, Georgieva 2019)

Further legal limits are imposed to basic health insurances by the “Office Fédéral de la Santé”. (OFSP 2020) Complementary health insurances on their side are also supervised and regulated by the Swiss Financial Market Supervisory Authority. (FINMA 2020)

It is hard to spend any time online these days without being presented with a lengthy user agreement at some point. But do we actually read through them before agreeing to the terms? Current privacy laws require that users get informed about what information is being collected and for what purpose, and that we then give consent, which is why we are bombarded with such requests. If the company then wants to share the data it collects, it uses anonymization – the stripping out of any personal details to preserve the privacy of the individuals – before publishing the data. The privacy laws prevent

(21)

companies from realizing secondary uses of data. Imagine that a company has collected user data and later discovers a new and valuable use for it. Under the current legal regulations, the company would need to seek approval from every user before adopting the data for this new purpose. While the intent of the legislation is sensible, its application in the Big data world may greatly hinder the benefits that could be realized. Additionally, the greater details of big data may allow users to be reidentified from anonymized data, potentially revealing sensitive information in the process. The current tools, either legal or technical, are already proving to be ineffective, and as we move further down the road, they may become obsolete. (Mayer-Schönberger, Cukier 2013)

2.1.4 Ethical limits

Technological advances are strongly shifting the function of data in the insurance industry and the general role of insurance itself. They are promising to bring major socio-economic advantages. However, they are also bringing challenges regarding confidentiality, privacy of personal information, protection of data, and individualization of insurance. (Keller, Eling, Schmeiser, Christen, Loi 2018)

Intelligent systems are omnipresent. Concerns about the ethical implications in the privacy and data protection areas are, therefore, increasingly flourishing among analysts, policymakers, and the society at large. Most of the concerns refer to the capacity or the lack of ability of intelligent machines to make ethical decisions by nature. Ethical debates relate to the assessment of what is good and bad, acceptable, or right and wrong, it also relates to lawfulness, fairness, integrity, and social accountability. Ethical interpretations are therefore defined as having the capacity to determine, evaluate, and establish ethical assertions based on various viewpoints. Due to their rising competencies, autonomy, and communication abilities, intelligent systems are increasingly expected to act as moral agents, meaning that they can judge what is right and wrong and can be held responsible for their performances. When interacting with intelligent systems, users expect them to have identical obligations and responsibilities as when interacting with human beings. This brings up concerns relating to accountability and questions the ability of AI systems to perform in accordance with human principles and to adhere to human rights. (Dignum 2019)

As mentioned earlier, AI works only if provided with large amounts of data. When applying AI, insurance companies, therefore, use the personal data of their customers. This may lead to concerns related to confidentiality and protection of data. The first issues linked to these concerns relate to fairness and discrimination. Fairness can be

(22)

compromised in insurance due to the profiling of the insured and cause discrimination. Here, the term discrimination refers to a situation in which the insured that should be treated equally, are not. It also refers to a situation in which the insured that should have a different treatment are treated the same. To avoid such discrimination, specific characteristics such as gender, ethnic group, sexual preferences, etc. should be disregarded. In the insurance context, the meaning of discrimination is an underlying dilemma. When the insured may receive a treatment based on its personal risk, this may result in disadvantages for protected groups, when having a greater risk than the average. Contrarily, if the insured are not treated based on their personal risk, the classification of risk may be seen as unfair since it treats all the insured equally, even if their risk is not comparable or irrelevant as the personal factors are not taken into consideration. As the World Health Organization states, health is a fundamental right. (WHO 2017) This dilemma cannot be resolved just by excluding discriminatory data characteristics such as gender or ethnic group etc., because any intelligent system would quickly gather those characteristics from other sources such as online media, that freely permits access to personal information. A further issue linked to the concerns about privacy and data protection is about intrusiveness into the right of informational independence. Privacy is generally seen as a fundamental right such as in Article 8 of the European Convention on Human Rights. (Council of Europe 2013) Insurance companies that massively process data and use computerized decision-making may be intrusive in the right of self-determination of persons. The usual corporate models that are based on the monitoring of computer science, reward various behaviors that are considered good and penalize those considered bad according to the insurance corporation. They, therefore, can decrease risks by provoking a change in behaviors or choices in ways of living of individuals. However, they could be seen as intrusive and impeding an independent decision-taking of persons. This may cause issues if persons cannot bear the cost of insurance-coverage for high-risk profiles and are, therefore, limited in their life choices. (Keller, Eling, Schmeiser, Christen, Loi 2018) Manipulation of behaviors using personal information is a further ethical issue. The important amount of exchanges and the profound knowledge about persons provided by AI and Big data results in having the insured exposed to misleading and behavioral manipulations. (Müller 2020)

Other ethical concerns are arising such as the individualization of insurance. With the shifting function of data, the premium of the customers is now established based on their individual risk profile and no longer upon their classification in a particular risk group. This shift is raising different kinds of concerns. One of them is that high-risk individuals

(23)

might be rejected from insurances or may have to pay unaffordable premiums. Another concern is related to the fundamental principle of insurance which is solidarity. This principle may be deteriorated due to an increasing individualization of insurance that might also jeopardize the main objective of an insurance which is risk pooling. (Keller, Eling, Schmeiser, Christen, Loi 2018)

Last January, digitalswitzerland, a Swiss initiative and association that aims to enhance the position of Switzerland as leader in innovation, launched the Swiss Digital Initiative (SDI) in Davos. With the fast evolution of computer science and intelligent data-based systems, the objective of this initiative is to assist the development and application of guidelines, facilities, and procedures for the implementation of ethical principles for companies on a worldwide scale. (DFF 2020) In Switzerland there are no legally binding ethical limits to be respected. However, for the good of their label, companies that use private data from their customers may maintain and promote a good reputation by respecting an ethical code of conduct provided by external experts when processing data, as for example at La Mobilière with the Ethical Code for Data-Based Business by the Swiss Alliance for Data-Intensive Services. 12 (Ethics - Innovation -

data-service-alliance.ch 2020)

12_{Interview with José Iria, Head of Digital Transformation at La Mobilière, Geneva, 08 July 2020}

(24)

3. Analysis

3.1 Methodology

This research used diverse approaches to gather sufficient data to reach the set objectives. It used both primary and secondary data.

First, the current and future AI potential in this sector, as well as it’s legal and ethical limits, have been analysed and compiled based on extensive review of available, second source literature. Secondary data have been further gathered from literature and guidelines produced by personal data protection specialists and institutions.

This compilation provided a general understanding of the different current knowledge around this topic and enabled the structuring of the background that highlights the existing use of AI in the insurance industry and the advantages, risks, legal and ethical limits related to the use of such a technology.

In the second part of the research, primary qualitative data has been gathered by means of a questionnaire, from five managers working in major Swiss insurance groups. These written interviews included Isabelle Flueckiger, Director New Technologies & Data at the Geneva Association, José Iria, the Head of Digital Transformation at La Mobilière, the Regional Business Manager of a large Swiss healthcare organization, an Account Manager of a Swiss insurance Group and the Head of Investment Management in a Swiss major health partner group.The answers provided allow to have a snapshot of the current understanding, knowledge and use of AI in the Swiss insurance industry.

The legal framework has been reviewed and discussed with Carla Morales, a legal counsel working at Barclays. This meeting allowed confirmation of the completeness of the information found about the subject. Additionally, several findings of this research have further been discussed with Stefan Koch, the Innovation Scout Outpost Silicon Valley and the current Head of Services, Underwriting and Legal Department at La Mobilière.

3.2 Interviews

To obtain relevant primary data, a survey has been conducted by means of a standard questionnaire. It has been circulated among major health insurance companies in Switzerland, to assess current attitude, planned investments, legal and ethical limits. The written interview has been done and sent by email due to sanitary restrictions during the current pandemic crisis. The persons interviewed preferred to reply in writing, to avoid

(25)

being pushed into questions to which they would not want to, or were not be able to, reply. Several questions were not answered in the written interviews, either because of confidentiality or because the question was not applicable.

We may also assume that knowledge and statements from insurance staff about AI has been limited and probably also simply absent, because development of such systems is company secret, for various reasons such as:

• Companies are developing such toolboxes secretly because of their sensitivity and the legal aspects and limitations

• They develop them with the aim to reduce staff costs, in marketing, back office, loss adjustment and fraud prevention and detection. But as the technology still is in an exploratory stage, communications about such developments are kept confidential

• Costs of AI introduction are very considerable – currently hidden mostly in the admin and information technology budget lines

As several of the questions are sensitive in terms of business secrecy, it has been necessary to conduct the research in a way that allowed full protection of the sources who accepted to contribute. To do so, at the beginning of the questionnaire, the person interviewed was asked if he/she was willing to have his/her name and the name of his/her current employer kept confidential or he/she did not mind to have them mentioned. The answers of those willing to keep confidentiality were anonymised, but a description of their position and company has been added at the beginning of the interview to enable the reader to have an idea of where the answers came from.

The written interview has been formed based on the current trends of the use of AI in the health insurance industry in Switzerland through the analysis of secondary data, researches, articles, and books. The questionnaire was then split into four different parts in order simplify the understanding of the answers. The first part is about the integration of Artificial Intelligence in the health insurance and aims at establishing in which area of the health insurance AI is being the most used currently and where it is expected to be increasingly used. The second part is about the advantages and constraints (apart from legal and ethical limits) of the use of AI in this industry and aims at determining if the use of such a technology is seen as an advantage from both the insured and the insurer. The third part of the questionnaire refers to where the company of the interviewee is currently focusing the introduction and use of AI. The objective of the questions in this part is to assess in which operations the company currently focuses the use AI, if they are developing and deploying this technology through external consulting firms or through inhouse data scientists and what are the benefits and challenges of their current use of

(26)

AI. It also attempts to determine what the strategy of the company related to the introduction of AI in the next 2-5 years is, and what the constraints are that prevent the company from developing the use of AI even further. The fourth and final part is about the legal and ethical limits to the use of AI. The objective in this part is to see what the legal and ethical limits of the use of AI are, according to the interviewee and in the eyes of the insured. Moreover, the final questions are aimed to identify how the company is dealing with those limits and if they expect them to rather harden or soften in the coming years.

3.3 Results

In this part of the analysis, the answers provided by different members of the insurance industry are described. Each answer is reported in one of the four different parts as in the questioners found in the appendixes.

Integration of Artificial Intelligence (AI) in the health insurance sector at large In this first part of the interview, the majority of the interviewees have answered that nowadays, the area of Swiss health insurance where AI is most often used, is in sales and marketing and in the detection and prevention of fraud. Most of them expect an increase of the use of AI in marketing, but also in direct customer interaction (such as the use of chatbots), in the detection and prevention of fraud and in pricing. Regarding the question on whether there are differences of trends in the use of AI between smaller and larger groups, the answers were quite similar. Most of them replied that a development of the use of AI is more likely to happen in large insurance groups because the use of this technology requires significant amounts of data and resources which might be difficult for smaller insurance groups to gather. One answer however, provided by Ms. Flueckiger, highlighted the fact that the development of AI did not necessarily depend on the size of the health insurance company, but more on how advanced the executive management and board of directors are in their familiarity with AI. She has observed in Switzerland, to the one, small companies with many AI driven processes, and to the other, leading Swiss health insurance companies that are hardly using AI in their operations.13

(27)

Advantages and constraints in the introduction of AI in the health insurance sector (apart from legal and ethical limits)

The first question in this part is to know whether in the point of view of the interviewees, the insured consider the integration of AI in the health insurance to their advantage. Here the answers differed; two persons answered that it depends on the area where AI is implemented. According to Ms. Flueckiger, the integration of AI is seen as an advantage only in certain automated areas, such as customer services for instance, in chatbots or medical advice. In all other areas where personal data is processed, such as risk classification, pricing or fraud detection, she assumes that the insured are concerned and fear unfair treatment and discrimination.16 Another answer provided from a confidential interview states that the insured perceive the use of AI as an advantage only if it is correctly used by the insurance company. As per this interviewee, it is important that the client is informed that he is dealing with AI and that he must be provided with reasons for this use of technology.14 A further answer states that generally, customers are very skeptical regarding the use of personal data and that they do not fully trust the company. The person also added that it is still a long way to go, and that the company must first prove that it can add value through the use of the customer’s data.15_The second question is whether the health industry view the use of AI by Health Insurance companies to their advantage. Answers are mainly positive. It is stated that AI can add value particularly in automation and in the interaction with customers15 _{and that it has a} great potential for the insurance industry but it also carries some risks.14 According to Ms. Flueckiger, the health industry mainly does not see the use of AI by health insurances to their advantage. She mentions that in general, health service providers such as doctors, consider that health insurance companies do not trust their expertise and give more trust to their own AI system and that they come up with their own conclusions based on the data generated by their AI algorithms, regarding the appropriate treatment to be provided. Moreover, it demands some increased administrative efforts for health service providers, since they must document each detail of their decisions, whereas AI algorithms are perceived as a “black-box”. She also states that life sciences and pharma firms fear discrimination on certain drugs and treatments and that health insurances might refuse to pay for them and put pressure to find

14_{Interview with a Regional Business Manager of a large Swiss healthcare organization, Geneva,}

12 April 2020 (cf appendix 3)

15_{Interview with an Account Manager of a Swiss insurance Group, Geneva, 30 April 2020 (cf}

(28)

alternative treatments and drugs based on their own analysis of the data.16_{The third} question refers to the main constraints faced by health insurance companies when using AI, apart from the legal and ethical limits. Ms. Flueckiger asserts that the main purpose of an insurance is risk pooling. However, with the introduction of AI, health insurance companies tend to be willing to have details on the risks of each individual, thus, adapting individual risk premiums or not insuring high risk patients, which contradicts the main purpose of insurance. She also added that with the use of AI, individual treatments are increasingly being scrutinized and, therefore create a debate about who his rightful about decisions. In her view, the right to take decisions is being removed from health service providers while they still have the full medical responsibility for patients.16 Two further short answers, related to customer trust17_{and to the quality of data used in the AI} algorithm.18_{Another answer stated that health is a very personal topic and that the} customer must not lose confidence because of AI. He should be able to decide for himself when he wants his personal data to be processed into AI. “The art is to show the customer where he can benefit from AI without giving him the feeling that the company wants to save costs or that his data is not safe”19_.

Current focus of your company regarding the introduction and use of AI

The first question is to find out on what processes the company of the interviewee, is currently focusing the use of AI. The most common answers were related to customer interactions.One person answered that the current main AI focus is on customer services such as chatbots and recommendations in the company’s applications.19_{Another person} answered that in her company, AI is currently used in marketing, risk assessment and pricing.18_{A further answer provided by Mr. Iria states that the current main use of AI at} La Mobilière is in the automation of back office processes, related to contract management and customer services. He added that some AI components are also being sprinkled into the development of applications in sales and loss adjustment processes. This is empowering the company’s sales agents and claims experts. He finally added that there is a development in the use of AI in some internal actuarial processes, but that

Association, Geneva, 29 April 2020 (cf appendix 1)

17_{Interview with an Account Manager of a Swiss insurance Group, Geneva, 30 April 2020 (cf}

appendix 4)

18_{Interview with the Head of Investment Management in a Swiss major health partner group,}

Geneva, 20 April 2020 (cf appendix 5)

(29)

it is still in the early days due to tight regulations.20_{The next question intends to establish} whether the interviewee’s company is using consulting firms or inhouse data scientists for the development and deployment of this technology. One answers that the company has one internal Data Scientist who is also trying to undertake different projects with external experts.17 Another answer is that they only use inhouse data scientists18 and some others use both consulting firms and inhouse data scientists. The following question intends to determine the benefits of the current use of AI in the company. Mr. Iria answers that the main benefits are in the speeding up of the execution of tasks through (semi-) automation, enabling their experts to avoid spending their time on manual and repetitive tasks and, instead, can focus on applying their expertise. He adds that it translates into an increased cost effectiveness and an increase in the quality of services provided to customers.22 Another answer suggests that the company is benefiting from the use of AI to target marketing.22 A further answer states that the benefits are mainly resulting in a better understanding of the company’s data and possibilities.23 _{The last answer states that the current benefits of using AI are that his} company can efficiently handle redundant customer requests, is now available 7/24, can generate insights from customer inquiries and can play out tailored content to the customer.21 _{The next question is about the main challenges encountered with AI} regarding the company’s processes and staff. A first person answers that one of the challenges is that the results are still of limited quality and value.17 A further answer is that the main challenges are accuracy, the promotion of trust regarding AI and its integration into the existing products and services.21_{Finally, Mr. Iria states that like any} change, the introduction of AI into the company’s operations requires change management. The purpose of the next question is to understand the strategy of the organization with regards to the introduction and use of AI in the coming 2-5 years. The first person answered that the company is continuously developing the chat offer, introducing AI in further applications, and using voice recognition.20 _{The second person} stated that the company’s strategy is to improve the quality of data.22_{A further person} stated that their strategy is to invest into AI technologies and build more resources internally, in order to be able to implement more cases with added value for the

(cf appendix 2)

12 April 2020 (cf appendix 3)

22_{Interview with the Head of Investment Management in a Swiss major health partner group,}

(30)

customer.23_{Finally, Mr. Iria stated that La Mobilière is reshaping governance around} Data and AI, educating their staff on the benefits and risks of using AI, and raising their technical expertise in AI by hiring Data Scientists. The goal is to monitor the new AI trends in the insurance industry, and make AI a part of their software development process.24 The final question relates to the business constraints that may prevent the company from developing the use of AI even further. The general answer to that question is that the main constraints are legal compliance, the data protection regulations, data quality, transparency, and the customer perception regarding the use of this technology. Mr. Iria states that he believes it is currently not cost effective to use AI in some processes, due to current limitations of AI when applied to specific domains. He adds that for La Mobilière, being personal and close to the clients is a fundamental part of the way they do business, therefore, in some key processes AI will never replace humans (by choice).23

Legal and ethical limits to the use of AI

The first question in this part is about the legal limitations from the perspective of the insured. As reported by Ms. Flueckiger, the first limit is transparency. For instance, how can an insured person reject certain AI-based decisions and who is legally liable for it. She added that further limits are data privacy protection and prohibited discrimination. Regarding discrimination she questions how it could be proven, since AI is a “black box”, and what would be enough evidence for the insured to reject potential discrimination.25 The next question relates to the legal limits of the health insurance industry. Ms. Flueckiger replies that the health insurance industry would like to apply AI as much as possible but that they are confronted by various limitations. The first one is the difficulty to explain AI and the need to acknowledge it to regulators and customers. She adds that other limits are the high cost of resources, people and infrastructure and that companies do not have sufficient knowledge and experience and are, therefore, dependent on external consultants. Another limit in her view is the data itself, missing data management and data governance. She states that often, data is not available in the quality needed, or it is not permitted to use it (e.g. data of genomic tests). Additionally, the market share in Switzerland is so small that not enough data is available resulting to

23_{Interview with an Account Manager of a Swiss insurance Group, Geneva, 30 April 2020}

(cf appendix 4)

(cf appendix 2)

Legal and ethical constraints in the use of Artificial Intelligence (AI) by Swiss health insurance companies