UK Biobank has denied sharing sensitive health data intended for medical research with insurance companies, in response to an investigation by The Observer, which was published in the paper on Sunday 12 November.

UK Biobank is the world’s leading biomedical database containing genetic and health information from half a million UK volunteers, and has widely been considered to be a success story. Just weeks ago it was announced that former CEO and chairman of Google, Eric Schmidt and Citadel CEO Ken Griffin were the first in a consortium that will help scale up UK Biobank’s wealth of health data. Funding to the value of £16m has been matched by the government, bringing the total to £25m, with the aim of achieving at least £50m overall.

However, the paper alleges that the company provided insurance companies with content from its database on multiple occasions between 2020 and 2023. In response, UK Biobank says it was made clear to volunteers who shared their health information, how that data would be used.

In a statement from UK Biobank published on its website the same day as The Observer report, Professor Rory Collins, principal investigator and chief executive of UK Biobank says: “The new article in The Observer portrays an extremely misleading account of what was actually communicated to UK Biobank participants when they were invited to join the study, and how UK Biobank considers applications for access to the de-identified data of participants (including to insurance companies).”

According to UK Biobank, all volunteers gave consent for their de-identified data to be used by approved researchers for health-related research that is in the public interest. This could include researchers from all types of academia and commercial organisations.

The Observer says it has evidence that the company failed to explicitly tell participants their data could be shared with insurance companies – directly going against several public commitments it made not to do so.

Concerns over how data would be used

The UK Biobank project was first announced back in 2002, with the company responding to concerns that data could be used in discriminatory ways if passed to insurance companies, by promising that data would not be shared in this way.

The paper reports that up until February 2006 the company website included the following statement within its FAQ section: “Insurance companies will not be allowed access to any individual results nor will they be allowed access to anonymised data.”

According to UK Biobank, at the point of recruitment in 2007, this information had been revised and no longer applied. It says that all volunteers were provided with updated information confirming that anonymised data could be shared with private firms for ‘health-related’ research.

Digital Health has contacted UK Biobank but has yet to receive a reply.

It’s not the first time that concerns have been raised over data collection and its use. In May 2021, NHS Digital announced plans for a General Practice Data for Planning and Research (GPDPR) service, which would provide planners and researchers faster access to pseudonymised patient information from GPs. After several delays, the service was eventually paused until a number of criteria had been met.