The personal health data of 500,000 UK residents, which was intended for medical research, has been disclosed to insurance companies, despite assurances that it would remain confidential.

The Observer’s investigation uncovered that UK Biobank shared its extensive biomedical database with insurance companies on multiple occasions from 2020 to 2023. The data was used by insurance consulting and technology companies to develop digital tools that could forecast an individual’s likelihood of developing a chronic illness. This revelation has sparked worries among geneticists, data privacy specialists, and activists regarding the screening and ethical protocols at Biobank.

Established in 2006 to aid researchers studying diseases, the database holds vast quantities of blood, saliva, and urine samples from approximately 500,000 adult volunteers. It also includes medical records, scans, data from wearable devices, and lifestyle information collected on a regular basis.

Accepted scientists globally have the option to purchase records ranging from past medical information and personal habits to complete genome sequencing data for a fee of £3,000 to £9,000. The outcomes of this research have produced significant advancements in the medical field and have established Biobank as a highly praised institution in British science.

The Biobank stated that it closely monitors access to its data, limiting it to legitimate researchers working on health-related projects for the benefit of the public. This includes researchers from various backgrounds, such as those employed by academic, charitable, or commercial organizations, including insurance companies. The participants were informed about data sharing policies during the recruitment and initial assessment processes.

However, information collected by the Observer indicates that Biobank did not clearly inform participants that their data would be shared with insurance companies, despite publicly stating that it would not do so.

In 2002, when the project was first introduced, Biobank assured that information would not be shared with insurance companies. This was in response to concerns about potential discrimination, such as denying coverage based on a person’s genetic traits.

During the period of public scrutiny and parliamentary discussions, the Biobank website’s FAQ section stated that insurance companies were prohibited from accessing individual results or anonymised data. This statement was in effect until February 2006.

The commitment was restated multiple times in public declarations from supporters of Biobank. They assured that measures would be implemented to prevent “any insurance company, police force, or employer from obtaining access.”

Biobank announced that this weekend, they have renounced the pledge that was repeatedly made over the course of four years. They stated that the commitment was made prior to the official start of recruitment in 2007, and that when volunteers for Biobank joined, they were given updated information.

The materials provided, such as leaflets and consent forms, stated that Biobank data could be shared with private companies for “health-related” research, but did not specify insurance companies or address previous assurances.

The Biobank organization has consistently stated in their leaflets over a span of 17 years that insurance companies will not have access to any personal information, samples, or test results of individuals. This statement specifically refers to identifiable information, such as a person’s name, rather than any other data related to Biobank participants.

The specific details of the information exchanged with the insurance sector are uncertain because Biobank does not regularly disclose this and has chosen not to do so thus far. Summaries of the publicly available projects indicate that it may have involved anonymized data on individuals’ health conditions, habits, and biological indicators.

ReMark International, a company that specializes in insurance consulting, has been given permission to access data from Biobank. This company, which handles a million policies annually and serves clients such as Legal & General and MetLife, requested access in December 2022. Their purpose for obtaining the data is to create an algorithm that can predict diseases and mortality rates by analyzing hospital records and smartwatch data. Their goal is to better understand the connection between lifestyle, mental health, and biomarkers.

Lydia.ai, a Canadian “insurtech” company, has been granted access to Biobank data to provide individuals with personalized and predictive health scores. The company partners with insurers to utilize additional data sources in order to predict risks. In January, they were given access to Biobank data for a project that connects health records with lifestyle information to forecast chronic illnesses.

Club Vita is a company that specializes in analyzing data related to longevity for various clients such as pension funds, advisors, insurers, reinsurers, and asset managers. They have 400 pension fund clients and 25 insurer clients. They were given permission to access data for their project, which aimed to evaluate morbidity outcomes by considering factors such as gender, diseases, treatment, location, and lifestyle.

Genetics and AI specialist Prof Yves Moreau, who has experience with UK Biobank data, expressed concern over the sharing of data, calling it a significant breach of trust. He criticized the notion that Biobank’s public promises could be overridden without notice and questioned if participants were aware of the potential sharing of data with insurance companies. According to Prof Moreau, while the data may seem unimportant, it can have significant consequences.

Sandra Wachter, a technology and regulation specialist at the Oxford Internet Institute, warned that these incidents could damage the trust of volunteers who provided their data for a noble purpose. She expressed ethical concerns over the creation of insurance products that aim to forecast an individual’s health.

According to Sam Smith, the leader of medConfidential, an organization advocating for the confidentiality of medical information, individuals provided their data to Biobank with the intention of aiding in the discovery of cures for illnesses, not for it to be utilized by insurance companies. Smith insists that Biobank must disclose to each participant which data was shared with insurance companies and the reasoning behind it.

The Biobank organization stated that they have never shared data without the volunteers’ consent and it is incorrect to assume that previous promises, made before enrolling at Biobank, should still be honored.

The statement mentioned that scientists were employed by various businesses and as long as they met the strict access requirements, they were allowed to utilize Biobank data for research. The organization stated that insurance companies conducting research on how lifestyle choices can benefit health or identify health risks was considered relevant to health and for the benefit of the public. It also stated that they sought advice from independent ethicists extensively regarding sharing commercial data and any complicated requests were reviewed by an expert committee.

According to Professor Naomi Allen, the lead researcher at UK Biobank, all necessary procedures have been adhered to in these instances. The data shared is anonymous and has been used for legitimate health research purposes, such as studying the effects on human health and lifespan, which is what our participants agreed to support.

There is no indication that insurance companies have used Biobank data to directly influence individual policy decisions. No actual biological samples were exchanged.

In addition to insurance companies, Biobank data has also been shared with non-health related entities such as pension funds and investment firms, according to project records.

The Biobank has been questioned about a situation where a California company, whose website contains numerous spelling errors, was given permission to use their data. The company, Flying Troika LLC, identifies as a research laboratory specializing in “deep learning” solutions for industries such as insurance, pharmaceuticals, manufacturing, and retail. Their website claims to have teams in 13 cities, including “Maimi” and Edinburgh. It has been reported that the company requested access to genetic data, MRI scans, and other information in April 2021 in order to develop an advanced AI model for predicting aging processes.

Professor David Leslie, the head of ethics and responsible innovation at the Alan Turing Institute, stated that it is crucial to clearly outline how each of these projects is classified as medical data being utilized for the benefit of the public in order to maintain their trust.

The UK’s data privacy regulator, the Information Commissioner’s Office, is currently examining the situation. They stated that individuals have the right to trust that their information will be handled with security and only used for the intended purpose. Organizations must supply clear, precise, and thorough information, particularly when dealing with sensitive personal data.

Source: theguardian.com