
Dark Algorithms and UX in Health Insurance - luu
https://jb-rubinovitz.ghost.io/dark-ux-and-health-insurance/
======
beat
This is a classic case of attributing the results of stupidity to malice.
Insurance companies are _heavily_ regulated and subject to massive fines and
public embarrassment for things like deliberately preventing the insured from
filing claims. And this sort of petty detail in the UI, being directed from
C-level executive management? It doesn't pass the smell test. They're
managers, not supervillains.

No, this is just garden-variety incompetence. This is the result of incredibly
complex specs being implemented by teams of dozens or hundreds, including
offshore work and highly distributed teams. The kind of evil plots suggested
here would be passing through not just executives, but architects, product
owners, scrum masters, lead engineers, and the delightfully unpredictable
hands of the cheapest programmers money can buy. _Dozens_ of opportunities for
sabotage of something so overtly evil.

I've worked in insurance IT quite a bit. They're just not smart enough to do
this.

~~~
wnevets
>This is the result of incredibly complex specs being implemented by teams of
dozens or hundreds, including offshore work and highly distributed teams. The
kind of evil plots suggested here would be passing through not just
executives, but architects, product owners, scrum masters, lead engineers, and
the delightfully unpredictable hands of the cheapest programmers money can
buy.

Perhaps that is the evil plan working as intended

~~~
ixtli
Yeah I mean the fact is that revenue comes from people not collecting
benefits.

~~~
beat
Nope. The vast majority of benefits are processed without incident or
complexity, between the medical provider and the insurer, with no action
required by the insured. Rigging some UI for hand-entry of claims in a way
that suppresses only some, but not all? That's not going to make an
appreciable difference in the bottom line.

~~~
ixtli
I'm not sure what the "nope" is in response to: Insurance companies profit
when people don't collect on their benefits. If I pay and don't use it, they
win. This is why companies that self-insure take out further insurance on
their pool in case someone does actually get very sick and it drains the pool,
which does happen more often than you'd think.

------
jawns
This post lists three examples of dark algs/UX.

However, the second and third examples are speculative. They might be a result
of an algorithm, or they might be a result of stupid policies, or they might
be a result of operational errors. Who knows? Alleging that it's a "dark
algorithm" sounds cool, but it isn't really damning without evidence.

So we're down to one example of actual dark UX, which doesn't make for a
particularly strong allegation. I wish the author had taken just a little more
time before publishing to collect a few other authentic examples.

That said, I know from my own experience that health insurers' online portals
tend to have horrible UX, because it is not in their best interest to have
great UX. Just yesterday, I had to fill out a form indicating that none of the
five members of my household had other insurance or were Medicaid-eligible.
There were a total of 10 checkboxes I had to check. After checking each one, I
got a loading indicator and then the page refreshed, so I had to scroll the
page back down to the next checkbox. It didn't prevent me from filling in the
information, but it definitely made it needlessly tedious.

~~~
dbatten
It's further concerning that he appears to have written his own example code
for the speculative dark patterns, presenting it alongside real code from
insurer websites, which I found misleading at best and downright deceptive at
worst...

~~~
philipodonnell
And then, like, criticize the code quality it as if it came from them for
design choices that _the author_ made?

> So, my laugh cry scenario here is that they statistically set/just have
> variables in the code base that say claims spanning a certain amount of time
> are denied. E.g.

WTF, you wrote that code!

~~~
balthasar
He is pointing out the arbitrary nature of the algorithm the workings of which
was determined through research. The psuedo code is obviously not the point.
The reader would have to either be ignorant of the discussion to make this
mistake or intent on blurring the discussion.

------
pweissbrod
Im disappointed to confirm these are quite real. I've seen a particular case
where a benefits enrollment page has a check box list where your selected
enrollments at the top of the page _silently change as you edit fields near
the bottom_. And you can bet which direction those values change. It doesnt
hide a submission button like the author's example but it DOES prey on those
who neglect to review their submission in full before continuing (which I
guarantee is a significant and quantifiable benefit to the payer)

It's a big stretch of the imgaination to dismiss this behavior as 'designer
error'. This is a great example of where class action lawsuits can and should
be employed.

------
bawana
Insurance companies give me 90 days to submit a claim, then they do not have
to pay it. I guess their rationale is that if I did not bother to submit an
invoice, then why should they pay? And by the way, a lot of them will not
accept paper claims any more. They want all the claims done electronically
through their ancient systems.

And by the way, this push for electronic medical records(EMR) was a way for
them to further decrease their overhead (thank you insurance lobbies). EMR
that is CCHIT certified (= Certification Commission for Health Information
Technology, pronounounced 's-h-i-t', for real) can interface with payment
clearing houses directly (I as a physician have to pay to use a clearing
house, btw). Then the claims are scrubbed by their scripts and rejected for
various reasons, (for example, no referral from PCP, invalid gender for
treatment code,etc). No humans involved. This allows them to lay off vast
swaths of auditors. And effectively outsources their work onto the physician's
office. And increases their earnings per share.

Now you know why the only new physicians you will meet are not homegrown
anymore. It costs 400k to go to medical school. Then you have 3-7 years of
postgraduate training at 35k a year. Then your debt has ballooned to 800k with
deferred interest payments. BTW, new physicians get paid 90-100k.

~~~
pc86
The new physicians making $90k a year after residency are not the ones with
$400,000 in student loans, and $800k in total student interest load is...
atypical, to say the least. $300-400k total load post-residency is much more -
I refuse to say "reasonable," but much more realistic. And the folks who have
$400k total load are on a fast track to make $250-300k/yr just a few years
after residency. A huge part of why doctors are paid as well as they are is
because of the risk and the massive opportunity cost of getting an MD and
going into practice.

Yes, it takes planning and dedication to set yourself up on solid financial
footing post-medical school, and it's entirely conceivable to be in your early
thirties before you're debt free. But it's pretty damn hard to be struggling
financially as a physician in any field.

~~~
bawana
there is no 'reason' as to why physicians are paid what they are paid. It's
simply supply and demand. A typical physician has to care for 5000 patients a
year (that is the size of a full panel, btw) and gets 150k a year. Do the math
- 20 patients a day, 5 days a week for 50 weeks a year is 5000 new visits.
BTW, phone calls are not billable hourz. Oh, and I forgot 'emergencies' like
aunt jemima who has severe burning when she pees, etc and needs to be seen
ASAP or else she's going to the ER. Now add in the follow ups and emergencies
and you're up to 35 patients a day. If you work for 8 hours (no lunch or
breaks) that's 4 patients an hour. But wait, you have to enter patient info
into an emr while you're supposed to be talking to the patient. Maybe you need
to sip some water and go to the bathroom too. So that's 10 min a patient. for
150k a year.

Instead, most MDs are looking to become 'boutique' docs. Each patient pays $2k
a year for as much primary care as he/she wants. The boutique doc limits his
panel to 500 patients. He makes 6x the money for 1/10 the work. now the doctor
can spend an hour with each patient and treat him like a human being instead
of a slab of meat. And cut the expensive insurance middleman out of the
picture.

So right, who needs the stress and bs that comes with a corporate existence.
Why should the people who do the work (programmers and coders in your case
perhaps) support the wasted busy work of people who are corporate drones and
never actually interface with customers/patients/clients/aka the people who
pay the money.

------
hanklazard
Not a dark UX, but another move I’ve seen that is line with the stall-for-time
method that the author mentions is the requirement for a prior authorization,
even for very common medicines. I have seen first-hand the amount of work this
tactic creates in medical offices. It definitely allows insurance companies to
stall in their approval/payment for medicines and, I’m sure in a % of cases,
not pay at all (ie, the paperwork doesn’t get completed, patient gives up
trying to navigate the complexity of the system).

~~~
jimktrains2
My most hated is "The thing your doctor did was not medically necessary,
therefore we won't cover it."

------
fortythirteen
Never attribute to maliciousness that which can be explained with
incompetence.

Since two of the three are complete speculation, without any evidence, I'll
address the first example.

"suppress empty div" could mean that it is hiding an element _until a
condition in the form is met_. You need to see the accompanying JS to
understand any intent. It's entirely possible that bad programming is keeping
the div both empty and suppressed.

~~~
hectorr1
But developer incompetence and poor product design can be a 'dark' strategy as
well, just a passive one instead of an active one. Good UX doesn't matter
because users are not customers to health insurers, they are just cost
centers. Their employers are the customers, and those guys care about how
cheaply they can buy insurance and retain the quality level of their desired
employee base. If the goal is to sell lots of insurance and pay little in
claims, the strategy makes sense. So you spend as little as possible on UX.

NB: I think this is also how enterprise tech works.

~~~
fortythirteen
Insurance companies don't think of "members" as just cost centers. They're a
lot more picky around the concept of "hiring and firing" customers.

Put it in the perspective of a freelance web developer. If someone is going to
pay you x amount of dollars to build a website, but cost you more than x in
support time and change requests, you either have to up the price or not take
on the customer.

------
fnordsensei
Let's forget ethics for a moment, is there any decent way to calculate the
difference in bottom line between creating and providing a great service
(presumably leading to a good reputation, and maybe better, more long-lasting
relationships with customers), and squeezing and weaseling every penny out of
your customers and doing everything in your power to keep them from using the
service they bought (presumably leading to bad reputation, but more cash
upfront)?

In some industries/companies/communities/what-have-you, there seems to be this
consensus that exploitation, scamming and backstabbing is the obvious way to
make the big bucks. Is this objectively true, or is it just some kind of oral
history and tradition handed down from 1800s industrialists?

~~~
bbddg
I think for most insurers it's more profitable to provide less service and
preventative care for two specific reasons. One, once a person is 65 they are
covered by Medicare and are the government's problem. Two, if someone under 65
does get seriously sick or injured, chances are they're going to have to leave
their job or get fired. With most people getting insurance through work, the
insurance company isn't on the hook anymore either.

~~~
nradov
The ACA required most health plans to provide free preventive health services.

[https://www.healthcare.gov/coverage/preventive-care-
benefits...](https://www.healthcare.gov/coverage/preventive-care-benefits/)

------
panic
Meanwhile, these insurance companies are making billions of dollars of profit
([https://www.axios.com/profits-are-booming-at-health-
insuranc...](https://www.axios.com/profits-are-booming-at-health-insurance-
companies-1513302495-18f3710a-c0b4-4ce3-8b7f-894a755e6679.html)). There's no
reason insurance companies need to be involved in health care at all.

~~~
Ntrails
> There's no reason insurance companies need to be involved in health care at
> all.

As a Brit I sort of agree, because I think free healthcare at point of
delivery is the right solution. However the more continental model works
perfectly well and many countries use private insurers for that sort of model.
Insurance companies have a lot of expertise in risk management, analysis and
costing so to claim that they've no place in healthcare is odd.

~~~
beat
Getting far afield here, but... there's something uniquely broken about the
financial model of the US system. Pretty much every industrialized nation in
the world pays about half as much per capita as the US does for its health
care, and pretty much all of them provide universal coverage. And this is
_everyone_ , from purely socialist systems to mostly private systems.

Which is why I have issues with both the right-wing insistence that nothing is
wrong with ours that a little more free market can't cure, and the left-wing
insistence that only a purely socialist single payer system will provide
financial responsibility and social justice.

------
JohnStudio
My spidey sense in law has to ask myself, "I wonder if that's HIPAA compliant"
lol. Should just call it the Dark HIPAA requirements and un-UX in Health
Insurance.

Laughing aside, the real data pinch in HI is the meta data of the meta data.
Once you understand the abstracted layer there, the rest is following EDI
compliance contracts and creating views appropriate to the end user.

It's a slippery slope.

------
cfelix
I worked with health insurance as a software developer (in Brazil so maybe
it's all different, but still) and here are my observations.

1\. Making claim submission impossible

He said he tried to submit a claim at the last minute. I believe the hidden
page was just lazy work, because the page has to be visible again soon. If
they hid the page at an appropiate time I don't know.

2\. Routinely denying claim submissions

As far as I can tell, in Brazil a regulated health insurance plan can't deny
you service based on how many claims of a certain kind you submited. They
could before.

But the industry will find other ways to not lose money. Readjust prices based
on number claims (from all users), prevent you from entering the plan and
making a claim right away, pay for a quota of every procedure you take.

All these mechanisms already existed, but if they can't deny claims anymore
they will tweak the other points.

3\. Saying the customer has other insurance

This is fucked up. I can't find a explanation that isn't malicious.

Here is one similar case that happens in Brazil though. If you have health
insurance and use the free health insurance (SUS). The Union will charge back
your plan, not you. It's their job to sort it out not yours.

~~~
gcb0
comparing brazil with the US on health insurance and worker rigths is a joke,
you know that, rigth?

even with the latest illegitimate corrupt government killing most of the work
laws last couple months, its still way ahead of the US.

~~~
cfelix
I know but I still think the points 1 and 2 are pretty much the same for both
countries.

------
y3sh
United Healthcare... no surprised!

------
h_i_t
beat's post is correct. This is straight up incompetence and just another
symptom of how bad things are in Health Care Software right now. To give more
background I'll tell you that I work in a company that builds software for
major state-wide US insurance companies. Our software touches hundreds of
thousands of lives on a daily basis.

The problems you're seeing may not even be a part of our software even though
our software will do the heavy lifting. Each Health Care customer hosts their
own product, although in recent times this is changing thank god. This means
they maintain their infrastructure apply patches, manage their network, do
their own provisioning, etc, etc.

This also means if a manager has the bright idea to $save money$ and build
their own in house customer facing claim submission portal we don't know about
it. How can we open our software up to work with their shitty portal if we
don't even know it exists?

It may be harsh to assume the portal is shitty and has bugs like you
experienced in item 1 but it really is a safe guess. Most of these US based
companies are staffed by workers in India. These workers in India have a long
list of obstructions preventing them for doing their job properly: a) 8am on
the US Eastern seaboard is 6:30pm in Noida, India. So they're all basically
working the night shift.

b) Lack of strong labor laws or fair compensation. High turnover in a critical
IT field is bad, bad, bad. I've gotten calls from people in India who are
trying to find out who their manager is in the US. I don't know bro I'm just a
vendor :(.

c) A handful of non-technical, non-healthcare business folks managing a team
of people on the other side of the world is a recipe for pain and failure.
Here's a great example of the mysterious cause behind "Rising Medical Care
Costs".

d) Lack of training and proper communication leads to horrible awful
undocumented software abominations. I am borderline willing to blame my
balding on these troubleshooting calls.

What I'm trying to make clear is that the failure may be between some shitty
interface Insurance Co. #1234 built to save money. If that's the case it'll
never really get fixed as the people managing it may not even be aware of the
bug. If all goes well and the interface to our Insurance software is actually
correct then "Hooray!" your customer facing bug gets to someone like me!

Now we've entered the realm of a US based software company. But our service
that processes this information is 12 years old, the ONE guy who built it in
the 90s is long gone, and there's no documentation. So good luck getting
someone to take ownership of that. That's assuming I can even reproduce the
bug. Reproducing the bug may be an odyssey wholly unto itself. It might take 3
developers and 1 QA engineer that has 20 years of seniority to figure out why
logging isn't working for this 12 year old service.

So that's your dark pattern. It is more of business pattern but its a pattern
that has so far caught every god damn piece of Health Care software in its
net.

