Why does my insurer want me to scan my vitals from my phone?
Insurers are using phone-based vital sign scans to speed up approvals and improve underwriting accuracy. Learn why this is happening and what consumer protections apply.

If you have recently applied for life insurance, you may have encountered a surprising request: scan your face with your phone's camera to capture your vital signs. For many applicants, this raises immediate questions about privacy, accuracy, and the core motivation behind it. You might wonder why your insurer wants this data and what a phone vitals scan is actually for. This shift from traditional in-person medical exams to contactless assessments represents a fundamental change in the insurance industry, driven by a convergence of technology, consumer expectations, and regulatory evolution. While the convenience is undeniable, the underlying mechanics and data governance frameworks are what truly matter for both consumers and the compliance leaders at the carriers themselves. The primary reason insurers are adopting phone-based vitals scans is to accelerate the underwriting process while gathering objective health data, but this innovation brings a host of new compliance and data security challenges that must be managed.
"The global remote patient monitoring market was estimated at $14 billion in 2023 and is projected to reach $41.7 billion by 2028, growing at a CAGR of 20.1% annually."
The new underwriting frontier: speed, data, and compliance
The traditional life insurance application process, often involving a paramedical exam with blood and urine samples, can take weeks or even months to complete. This lengthy and invasive process creates friction, leading to high drop-off rates and significant operational costs for insurers. The primary driver behind the move to phone-based vitals is the need to solve these longstanding issues. For chief medical officers and underwriting executives, the reason for a phone vitals scan is rooted in a strategic push for efficiency, better data, and a more streamlined applicant experience. By using a smartphone's camera to perform a contactless scan, carriers can capture key physiological indicators like heart rate, respiratory rate, and blood pressure in minutes, not weeks.
This speed provides a powerful competitive advantage. Insurers can deliver decisions faster, binding policies and collecting premiums sooner. For applicants, the benefit is a frictionless, on-demand process that eliminates the need to schedule appointments or have a stranger visit their home. However, this convenience is built on a sophisticated technological and regulatory foundation. The technology, known as remote photoplethysmography (rPPG), analyzes changes in light reflected from the skin to measure blood flow. The data collected is then fed into automated underwriting engines that assess risk based on pre-defined, rules-based models. This automation removes subjectivity and creates a more consistent, auditable trail for how decisions are made, a critical component for regulatory oversight. The challenge for insurers is to implement these systems in a way that is technologically sound and fully compliant with a complex web of data privacy and security regulations.
| Feature | Traditional Underwriting | Contactless Vitals Scan |
|---|---|---|
| Time to Decision | 4-8 weeks | 24-72 hours |
| Applicant Convenience | Low (scheduling, in-person exam) | High (on-demand, from anywhere) |
| Cost per Applicant | High (paramedical exam fees) | Low (software-based) |
| Data Collection | Invasive (blood/urine samples) | Non-invasive (video stream) |
| Data Granularity | Static, point-in-time lab results | Real-time physiological data |
| Regulatory Scrutiny | Established, well-understood | High, focused on data privacy & model fairness |
Industry applications and regulatory framework
For insurance carriers, adopting contactless vitals is not just a technology decision; it's a strategic compliance initiative. The target buyers for these solutions, chief medical officers, reinsurance leaders, and compliance heads, are primarily concerned with how to implement these tools while upholding regulatory standards and ensuring data integrity.
Navigating data security and compliance
A central concern is data privacy. A 2023 survey found that 81% of Americans mistakenly believe the health data they share with mobile apps is protected under HIPAA. In reality, many apps are not subject to these rules, creating a significant gap in consumer understanding and a major risk for carriers. To address this, the National Association of Insurance Commissioners (NAIC) has established clear frameworks. The NAIC Insurance Data Security Model Law (#668), now adopted in 24 states, mandates that insurers create a comprehensive information security program, including risk assessments, incident response plans, and consumer notifications. Furthermore, the NAIC Privacy of Consumer Financial and Health Information Model Regulation (#672) governs the collection and use of nonpublic personal information. For a carrier's legal and compliance teams, any contactless data collection strategy must be built from the ground up to align with these rules, ensuring that data is encrypted, stored securely, and used only for its intended purpose.
The role of the chief medical officer
The Chief Medical Officer (CMO) plays a critical role in validating the clinical integrity of data from phone-based scans. Before this technology can be used in underwriting, the CMO must be satisfied that the rPPG measurements are equivalent to those from traditional devices. This involves rigorous internal studies and a deep understanding of the current scientific literature. As research from reinsurance giants like RGA and Munich Re has shown, factors like motion, lighting conditions, and even skin tone can influence the accuracy of rPPG readings. The CMO's validation process must account for these variables and ensure the models used to interpret the data are fair and actuarially sound. This is essential for defending the underwriting program to regulators and reinsurance partners.
Building trust through transparency
Given the widespread consumer anxiety around data sharing, carriers must be proactive in building trust. This goes beyond mere compliance and involves transparent communication with applicants. When requesting a phone vitals scan, the insurer should clearly explain what data is being collected, how it will be used, how it is protected, and how long it will be stored. Providing a clear privacy policy and consent framework is not just a legal requirement; it's a business imperative. By demonstrating a robust data governance program that respects consumer rights, insurers can differentiate themselves and make applicants more comfortable with the process.
Current research and evidence
The technology enabling phone-based vitals scans, remote photoplethysmography (rPPG), is the subject of extensive ongoing research. A 2021 study by researchers at the University of South Australia demonstrated that smartphone cameras could measure vital signs with a high degree of accuracy under controlled conditions. However, the insurance industry requires validation in real-world scenarios. Reinsurers like RGA have published extensive reports exploring the capabilities and limitations of rPPG. Their research highlights that while the technology is promising for measuring heart rate and oxygen saturation, metrics like blood pressure are more complex and require more sophisticated algorithms and larger validation studies.
Key findings from industry researchers indicate that motion artifacts are a primary source of inaccuracy. An applicant moving during a scan can disrupt the signal and lead to a faulty reading. Other factors, such as skin pigmentation and the quality of the phone's camera, also play a role. To mitigate these challenges, technology providers are developing advanced signal processing techniques and AI-driven models to filter out noise and improve accuracy across diverse populations. For insurance medical directors, staying abreast of this evolving research is critical to making informed decisions about which technologies to adopt and how to configure their underwriting rules.
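As an added illustration (not code from this article or from any vendor), the sketch below shows one common way a pulse rate can be read from a skin-brightness trace, and how a signal-quality gate rejects a motion-corrupted scan instead of passing a faulty reading to underwriting. The frame rate, frequency band, threshold and both traces are assumptions constructed for the example.

```python
import math

FPS = 30.0                 # assumed camera frame rate
BAND_HZ = (0.7, 4.0)       # assumed plausible pulse range, 42-240 bpm
MIN_QUALITY = 0.5          # assumed acceptance threshold, not an industry value
PEAK_HALF_WIDTH_HZ = 0.1   # assumed width of the spectral peak for a 10 s scan

def band_spectrum(signal, fps=FPS, band=BAND_HZ, step_hz=0.01):
    """Return [(freq_hz, power)] for the mean-removed signal across the pulse band."""
    mean = sum(signal) / len(signal)
    x = [v - mean for v in signal]
    steps = int(round((band[1] - band[0]) / step_hz))
    out = []
    for k in range(steps + 1):
        f = band[0] + k * step_hz
        w = 2 * math.pi * f / fps
        re = sum(v * math.cos(w * n) for n, v in enumerate(x))
        im = sum(v * math.sin(w * n) for n, v in enumerate(x))
        out.append((f, re * re + im * im))
    return out

def estimate_heart_rate(signal, fps=FPS):
    """Return (bpm, quality, accepted); quality is the share of band power near the peak."""
    spectrum = band_spectrum(signal, fps)
    peak_f, _ = max(spectrum, key=lambda fp: fp[1])
    total = sum(p for _, p in spectrum)
    near = sum(p for f, p in spectrum if abs(f - peak_f) <= PEAK_HALF_WIDTH_HZ + 1e-9)
    quality = near / total if total else 0.0
    return round(peak_f * 60), quality, quality >= MIN_QUALITY

def constructed_trace(components, seconds=10, fps=FPS):
    """Build a synthetic brightness trace from (amplitude, hz, phase) tuples."""
    n = int(seconds * fps)
    return [sum(a * math.sin(2 * math.pi * hz * i / fps + ph) for a, hz, ph in components)
            for i in range(n)]

# Constructed inputs: a 72 bpm pulse with slow breathing drift, and the same pulse
# buried under larger in-band disturbances standing in for head motion.
STILL = constructed_trace([(1.0, 1.2, 0.0), (0.1, 0.3, 0.0)])
MOVING = constructed_trace(
    [(1.0, 1.2, 0.0), (3.0, 0.9, 0.0), (3.0, 2.3, 1.0), (2.5, 3.1, 2.0)])

if __name__ == "__main__":
    for name, trace in (("still", STILL), ("moving", MOVING)):
        bpm, quality, ok = estimate_heart_rate(trace)
        print(f"{name}: {bpm} bpm, quality {quality:.2f}, {'accepted' if ok else 'rejected'}")
```

A rejected scan should prompt a rescan rather than produce a number, which is the behaviour an auditable underwriting trail needs.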
The future of contactless vitals in insurance
The use of contactless vitals in insurance underwriting is poised for significant expansion. As algorithms become more refined and validation studies grow more comprehensive, the range of measurable biomarkers will increase. In the near future, it is conceivable that phone-based scans could also assess metrics like blood alcohol content, glucose levels, or even early signs of certain neurological conditions, further reducing the need for invasive testing.
This technological advancement will be paralleled by an evolution in the regulatory landscape. The NAIC's Privacy Protections (H) Working Group is continually examining the impact of new data sources on consumer privacy. Future regulations will likely become more prescriptive, requiring insurers to provide detailed documentation on algorithmic fairness, bias testing, and data governance. Carriers that build a "compliance-first" digital underwriting program today will be best positioned to adapt to these future requirements. The trend is clear: underwriting is moving toward a model that is faster, more data-driven, and built on a foundation of verifiable trust.
Frequently asked questions
- Is it safe to let an insurance app scan my face for vitals? Yes, when offered by a reputable insurer with a strong data governance program. Leading carriers use end-to-end encryption to protect the video stream and ensure the data is stored in a secure environment that complies with industry standards like the NAIC Data Security Model Law. The raw video is typically deleted immediately after the vitals are extracted.
- What happens to my data after the scan? The extracted vital sign data is used for the sole purpose of underwriting your insurance application. It is subject to strict data retention policies outlined by state insurance regulations and the carrier's internal governance framework. This data is not sold or used for marketing. Applicants have rights regarding their data, which should be clearly explained in the insurer's privacy policy.
- Can I refuse to do a phone vitals scan? Yes. In most cases, a contactless scan is offered as a voluntary and more convenient alternative to a traditional medical exam. If you decline, you will likely be asked to complete the standard underwriting process, which may involve a paramedical exam with a blood draw and a longer waiting period for a decision.
As a leader in regulatory technology, Circadify is at the forefront of building the compliance and data governance infrastructure that makes these innovations possible. Our solutions are designed for chief medical officers and compliance leaders who need to work through the regulatory environment of digital underwriting with confidence. To learn more, explore our compliance guides and regulatory insights at circadify.com/industries/payers-insurance.
