Category: Cyber-physical risk · Reviewed by Tim Roche, Director · PI & Commercial · Last reviewed 2026-06-10
Connected health insurance is private medical insurance (PMI) and life insurance that integrates wearable and health-app data (typically step counts, heart-rate variability, sleep and activity minutes) into policyholder engagement, rewards and, in some products, underwriting.
Connected health insurance is constrained by three UK frameworks: the UK GDPR’s special-category data regime, the Equality Act 2010’s prohibitions on disability discrimination, and the FCA’s ICOBS and Consumer Duty regimes. Programmes are typically structured as voluntary rewards rather than mandatory underwriting inputs.
Definition
Connected health insurance comprises:
PMI with rewards programmes — discounted gym membership, retailer rewards and premium credits for activity (Vitality is the principal UK example);
Life and protection products with mortality discounts for activity tracking (Vitality Life; John Hancock in the US);
Income protection with activity- or sleep-based engagement;
Group risk products linked to corporate wellness programmes;
Public health insurance overlay — limited UK relevance.
Devices and apps used include Apple Watch, Fitbit (Google), Garmin, Polar, Whoop, Oura and bespoke insurer-branded apps.
Legal / Regulatory basis
The principal UK frameworks are:
Data Protection Act 2018 and UK GDPR, in particular:
Article 5 — data minimisation, purpose limitation, storage limitation;
Article 6 — lawful basis (typically consent or contract);
Article 9 — processing of special category data, including health data, is prohibited unless a condition in Article 9(2) applies: in practice explicit consent (Article 9(2)(a)), or the substantial public interest route (Article 9(2)(g)) via the insurance condition in Schedule 1, Part 2, paragraph 20 of the DPA 2018, which is confined to specified insurance purposes and is not a general licence to process wearable data;
Article 25 — data protection by design and by default;
Article 32 — security of processing;
Article 35 — DPIA, mandatory for large-scale special category processing.
ICO, Health, social care and pharmaceutical sector guidance; Wearables and AI guidance; AI Auditing Framework.
Equality Act 2010 — protected characteristics including disability; risk-rating must not unlawfully discriminate. The insurance industry-government Disability and Access Agreement (2020 framework) and prior agreements are relevant.
Financial Services and Markets Act 2000 and FCA Handbook — ICOBS, PROD 4, SYSC, Consumer Duty (PS22/9).
FCA Policy Statement PS21/5 — General Insurance Pricing Practices (May 2021). The renewal-pricing remedy itself applies to home and motor insurance; its product governance and auto-renewal rules apply across general insurance, including PMI, and shape how engagement-based renewal discounts are designed and disclosed.
NHS England (which absorbed NHS Digital in 2023) and MHRA guidance on health apps and medical devices — relevant where wearable-app combinations qualify as medical devices.
Code on Genetic Testing and Insurance (ABI and HM Government, 2018), which replaced the earlier Concordat and Moratorium on Genetics and Insurance — it does not apply to wearable data, but it is the precedent for keeping sensitive health inputs out of underwriting by agreement rather than by statute.
How it works in practice
A typical Vitality-style programme:
Customer joins PMI or Life; signs up for the wearables programme.
Data sharing — under explicit consent (Article 9(2)(a) UK GDPR), the customer authorises the insurer to receive activity points data from their wearable.
Points and status — points earned for verified activity; customer accumulates a tier status (Bronze, Silver, Gold, Platinum).
Rewards — Apple Watch funding via reduced monthly payments offset against activity; retailer cashback; cinema and travel rewards.
Premium variation — Vitality Life applies premium variations based on status; PMI typically applies renewal discounts based on engagement.
The programme is typically presented as an opt-in benefit; declining to join does not affect the customer’s eligibility for the base product.
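The data-sharing, points and premium-variation steps above are where the security and data-protection obligations bite, so here is an added example of how the insurer-side boundary can be implemented. This is illustration code written for this entry, not Vitality's or any insurer's code: only the 240-point device-payment waiver and the Bronze/Silver/Gold/Platinum ladder come from the entry; the daily point values, annual tier thresholds, field names, function names and the sample export are assumptions. It shows three controls a practitioner would expect: consent is checked before any activity data is processed (and withdrawal stops further processing), the wearable export is cut down to the aggregates the points rule needs before anything is stored (Article 5(1)(c) minimisation), and a tier downgrade is held for human review rather than applied automatically (the Article 22 safeguard).

```python
"""Consent-gated, data-minimised activity ingestion for a wearables rewards programme.

Added illustration for this entry, not code from Vitality or any insurer. The
240-point waiver and the four tier names come from the entry; point values,
thresholds, field and function names are assumptions made for the example.
"""
from dataclasses import dataclass
from datetime import date
from typing import Iterable, Optional

DEVICE_WAIVER_POINTS = 240   # monthly points that waive the device payment (entry's example)
# Annual points per tier, highest first. Thresholds are assumed, not Vitality's.
TIER_THRESHOLDS = (("Platinum", 3600), ("Gold", 2400), ("Silver", 1200), ("Bronze", 0))
TIER_RANK = {name: i for i, (name, _) in enumerate(reversed(TIER_THRESHOLDS))}
ALLOWED_FIELDS = frozenset({"day", "workout_minutes", "active_calories"})  # all the rule needs


@dataclass(frozen=True)
class Consent:
    customer_id: str
    basis: str                   # only "art9_2a_explicit" (UK GDPR Art. 9(2)(a)) is accepted
    scope: frozenset             # fields the customer agreed to share
    withdrawn_on: Optional[date] = None


@dataclass(frozen=True)
class DailySummary:
    day: date
    workout_minutes: int
    active_calories: int


def minimise(raw_export: dict) -> DailySummary:
    """Keep only the aggregates the points rule uses. HRV, resting heart rate,
    sleep stages, GPS and raw samples are dropped here, before storage."""
    return DailySummary(
        day=date.fromisoformat(raw_export["day"]),
        workout_minutes=int(raw_export.get("workout_minutes", 0)),
        active_calories=int(raw_export.get("active_calories", 0)),
    )


def daily_points(s: DailySummary) -> int:
    """Assumed points rule: the better of the minutes band and the calorie band."""
    if s.workout_minutes >= 60 or s.active_calories >= 600:
        return 10
    if s.workout_minutes >= 30 or s.active_calories >= 300:
        return 8
    if s.workout_minutes >= 15 or s.active_calories >= 150:
        return 5
    return 0


def ingest(consent: Consent, raw_exports: Iterable[dict]) -> list:
    """Enforce consent at the trust boundary, then minimise. Rejects the batch
    if the basis is not explicit consent or the scope is too narrow; drops any
    day on or after a withdrawal (withdrawal stops processing, not retroactively)."""
    if consent.basis != "art9_2a_explicit":
        raise PermissionError("activity data needs an Article 9(2)(a) explicit-consent record")
    if not ALLOWED_FIELDS <= consent.scope:
        raise PermissionError(f"consent scope lacks {sorted(ALLOWED_FIELDS - consent.scope)}")
    kept = []
    for raw in raw_exports:
        summary = minimise(raw)
        if consent.withdrawn_on is not None and summary.day >= consent.withdrawn_on:
            continue
        kept.append(summary)
    return kept


def monthly_points(summaries: Iterable[DailySummary]) -> int:
    return sum(daily_points(s) for s in summaries)


def device_payment_waived(points: int) -> bool:
    return points >= DEVICE_WAIVER_POINTS


def tier_for(annual_points: int) -> str:
    for name, threshold in TIER_THRESHOLDS:
        if annual_points >= threshold:
            return name
    return "Bronze"


@dataclass(frozen=True)
class TierDecision:
    previous: str
    proposed: str
    applied: str               # the tier the system actually sets now
    needs_human_review: bool


def decide_tier(previous: str, annual_points: int) -> TierDecision:
    """Upgrades apply automatically. A downgrade can cost the customer a premium
    credit, so it is held at the old tier and queued for a human decision."""
    proposed = tier_for(annual_points)
    if TIER_RANK[proposed] < TIER_RANK[previous]:
        return TierDecision(previous, proposed, previous, True)
    return TierDecision(previous, proposed, proposed, False)


# Constructed sample export for March 2026: odd days 35 min / 320 kcal (8 pts),
# even days 70 min / 650 kcal (10 pts), plus fields the programme must not keep.
SAMPLE_EXPORT = [
    {"day": f"2026-03-{d:02d}", "workout_minutes": 35 if d % 2 else 70,
     "active_calories": 320 if d % 2 else 650, "hrv_ms": 52, "resting_hr": 58}
    for d in range(1, 31)
]


def demo() -> dict:
    """Run the sample through the boundary with a live and a withdrawn consent."""
    live = Consent("c1", "art9_2a_explicit", ALLOWED_FIELDS)
    withdrawn = Consent("c1", "art9_2a_explicit", ALLOWED_FIELDS, withdrawn_on=date(2026, 3, 20))
    full = ingest(live, SAMPLE_EXPORT)
    partial = ingest(withdrawn, SAMPLE_EXPORT)
    return {
        "days_kept": len(full),
        "raw_fields_retained": any(hasattr(s, "hrv_ms") for s in full),
        "points": monthly_points(full),
        "waived": device_payment_waived(monthly_points(full)),
        "points_after_withdrawal": monthly_points(partial),
        "waived_after_withdrawal": device_payment_waived(monthly_points(partial)),
    }


if __name__ == "__main__":
    print(demo())
```

The withdrawal case is the one worth noting: the customer loses the waiver for the month because processing stopped on the withdrawal date, which is the correct outcome, and the insurer still has no HRV or resting-heart-rate values to delete because they never crossed the boundary.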
Common variations / Subsequent developments
Vitality (UK) — the principal UK example; PMI, Life, Investment products with the Apple Watch programme.
AXA Health, Bupa engagement programmes — narrower than Vitality but using similar concepts.
John Hancock (US comparator) — adopted an all-customer wearables model in 2018; instructive for product design.
Group risk wellness programmes — Aon, WTW, Mercer and others.
Mental health apps — overlap with health and protection programmes.
Data protection reform — the Data (Use and Access) Act 2025 (Royal Assent June 2025, commenced in stages) amends the UK GDPR, including the rules on automated decision-making and on research uses. Its relaxation of the automated decision-making regime does not extend to decisions based on special category data such as wearable health data, so the human-review safeguards described in this entry remain necessary; the wider impact on connected health insurance is to be assessed against the ICO's post-Act guidance.
The MHRA’s evolving guidance on Software as a Medical Device (SaMD) is relevant where apps perform diagnostic or therapeutic functions.
Example
A UK customer takes out a Vitality PMI policy with the Active Rewards programme. They pay £45/month for the policy and an additional £10/month for an Apple Watch. In any month in which they reach 240 activity points (earned from calorie burn or workout minutes), that month's £10 device payment is waived. After two years of consistent engagement the customer's status is Platinum, qualifying for a 25% renewal premium credit and cashback offers. All data sharing rests on explicit consent under Article 9(2)(a) UK GDPR; an Article 35 DPIA has been completed; and automated tier changes are paired with human-review safeguards so that a downgrade is not a solely automated decision under Article 22.
Sources
MHRA, Software and AI as a Medical Device guidance (2023–2024).
IAIS, Application Paper on Cyber Risk Underwriting (2020).
This entry is part of the Apex Insurance Wiki. Last reviewed by Matt Bartlett on 2026-06-10. Next review: 2026-12-10.
Apex Insurance Brokers Limited. Authorised and regulated by the Financial Conduct Authority, FRN 724952. Registered in England and Wales, Companies House 07014570. This entry provides general information about UK insurance concepts and is not regulated advice. Consult your insurance broker on your specific position.