Get paid for walking. You’re walking around all day anyway, right? Just strap on this fitness tracker, and if you take a certain number of steps by the end of the week, you'll get an Amazon gift card.

That's the pitch from Oscar Insurance, a two-year-old health insurance startup that is offering a free fitness tracker to New Yorkers willing to buy into the insurance industry's new pact with consumers: Allow us to monitor your behavior, and we'll give you a reward.

Oscar Insurance, which claims 30,000 members and has raised $175 million in venture capital, started offering Misfit Flash fitness trackers to customers late last year. The tracker measures a person’s recent activity to determine how many steps he should take over the course of a single day. For every day a policyholder surpasses that goal, Oscar gives a credit toward an Amazon gift card (up to $240 a year).  

CEO Mario Schlosser said all Oscar customers older than 18 can sign up and access their health data through Oscar’s mobile app and timeline. “The data will not be shared beyond this but will be used to increase health awareness and promote healthy lifestyles for our members,” he said.

"If the member creates an account with Misfit, their data will also be available through their Misfit account, as the program is optional. Misfit has data privacy rules in place as well," he said. "In the future, we may be able to provide the option for members to share information with their doctor, but this will never be incorporated into the plan pricing or service for Oscar members."

This comes after Oscar offered eligible customers a $20 reward if they got a flu shot, which is already free for members. 

Privacy Trade-off

In terms of the trade-off, the program is similar to Progressive Corporation's Snapshot program, which gives auto insurance customers a discount in exchange for allowing their driving habits to be monitored for six months. Schlosser said the Progressive program was "definitely" an influence on the Misfit partnership. But he also sees Oscar’s walking initiative as the first step toward totally changing how customers think of the insurance industry -- and vice versa. "This is very much the beginning," he said.

As more insurance companies offer customers incentives in exchange for having their behavior monitored, more customers will wonder not only what happens to their health data but what happens next. Shawn Ram, executive managing director at Crystal & Company insurance services, says this kind of permission-based monitoring is the future, but it also raises lots of sticky questions.

“This is part of a larger trend that I certainly expect to grow, and as insurers move down that path, their information is not only going to become more precise but it’s also going to create more questions about privacy,” Ram said.

Yet the Progressive comparison is another reminder of how much responsibility insurance companies have to protect their customers' data, especially health data. Corey Theun, a senior researcher at Digital Bond Labs, a security firm, announced last week that he successfully hacked the hardware Progressive has given to more than 2 million customers to track their driving habits.

'Minimal And Insecure'

“The firmware running on the dongle is minimal and insecure,” Theun told Forbes. “It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies.... Basically, it uses no security technologies whatsoever.”

A Progressive spokesman said the company is "confident in the performance" of the Snapshot device, which has led the field in usage-based insurance.

Marc Rotenberg, the executive director of the Electronic Privacy Information Center, said the security situation is “still a little unclear” because the Health Insurance Portability and Accountability Act (HIPAA), the federal law that makes it easy for Americans to keep their health information confidential, is just so difficult to understand.

“From a privacy perspective, it’s perfectly fine for people to have access about themselves -- the number of steps they take, how many pounds they lost -- but the issue arrives when that data is transferred to third parties,” he said. “And then liabilities arise when something goes wrong because the developers misuse that data.”

It’s clear, though, that customers will continue to sacrifice privacy for a discount, sources said. That became evident in 2013 when a European car insurer offered customers a lower rate if they agreed to install a two-way camera in their vehicle, which was activated when the car surpassed a certain speed or was involved in a collision.

“Technology companies have the ability to connect the dots, which insurance companies can’t always do,” Ram said. “If you can connect the dots between someone’s fitness life and their driving habits and also determine they do X, Y, Z on the Internet, then you get a profile that’s pretty interesting. It does provide a lot of value, but it’s primarily a privacy issue.”