Guardian: Private UK health data donated for medical research shared with insurance companies (UK Biobank)

Observer investigation reveals UK Biobank opened its biomedical database to insurance firms despite pledge it would not do so

Sensitive health information donated for medical research by half a million UK citizens has been shared with insurance companies despite a pledge that it would not be.

An Observer investigation has found that UK Biobank opened up its vast biomedical database to insurance sector firms several times between 2020 and 2023. The data was provided to insurance consultancy and tech firms for projects to create digital tools that help insurers predict a person’s risk of getting a chronic disease. The findings have raised concerns among geneticists, data privacy experts and campaigners over vetting and ethical checks at Biobank.

https://www.theguardian.com/technol...d-medical-research-shared-insurance-companies

 

I don't see how private insurance will be possible in the future given advances in genetics. Everyone is at risk of something.

 

Whoa! If true in the US as well, the implications to people like me could be bad. That has to be illegal if they said it would be shared with no one.

Tiered pricing, with some folks not allowed coverage? Folks like us?

 

How will this affect research? Will anyone want to donate to such a resource in future?

 

If insurance companies discover that patient X has a 25% risk of getting disease Y it begs the question - Will they tell the patient? I think they should be obliged to if the patient wants to know.

 

I thought it was "pseudonymised" i.e. uses very poor methods of anonymising people. i.e. some postcodes only apply to a tiny number of people. So, someone knowing gender, age, postcode could easily identify the person whose data it is.

 

"Keeping your data secure

We take data security seriously, as your contribution is enabling discoveries that will improve the health and day to day lives of millions of people. We separate your details from the information you provide about yourself almost as soon as those data are collected. Researchers have no interest in identifying participants since their goal is to compare large groups of people to try and understand why some people develop certain illnesses and others do not.

Nonetheless, scientists must sign a legal contract before receiving data, promising they will not try to identify participants. Our data are protected by encryption and behind secure firewalls and our storage systems are tested regularly and updated when necessary."

https://www.ukbiobank.ac.uk/explore-your-participation

 

Promising to try... What an odd phrase to use in this context. It sounds as likely as an addict promising to give up what they are addicted to tomorrow - and they really mean it this time!

 

Are insurance companies considered scientists?

If not then how is it relevant that scientists must agree to something before receiving data?

All adoptees must agree to treat any kittens that we supply well, and not to use them for cooking with...is kind of null and void if the kittens are supplied via a feeding shoot to tigers....

 

Well, it doesn't say that. The phrase is actually "promising they will not try to identify participants", so they are having to promise not to "try to identify participants". And that is more encompassing than promising not to identify participants, where they would only be in trouble if they actually identify someone - instead they would be in trouble if they took steps to simply attempt to identify someone.

 

Insurance companies, as we know, can employ scientists. "Who can register for access to the UK Biobank Resource? The Resource is available to all bona fide researchers for all types of health-related research which is in the public interest.", https://www.ukbiobank.ac.uk/media/zfzoefdy/access_017-faqs-v4-1.pdf

 

Okay, Gotcha. I read that sentence wrong.

 

Depend what other databases they have access to, which is the issue

I’d assume there is a norm of not being allowed to report at all where it is five or less in ‘a group’ eg gender or age.

putting that aside they don’t need to know a name to be pretty specific to individuals- if you imagine car insurance might use proxies that seem random to whether you are a good driver, such as ‘if someone crashed into you’ actually increasing your insurance but potentially even more random things than these only have to be unpicked that they are allowed to isolate based on and they can just crunch it into an actuarial function for insurance forms.

eg How many people living in Windsor drive twenty year old Saabs and are 50m from a river and park on the street for example .

I don’t know what the equivalents applying to health insurance -that legislation and regulations both allow and properly check on to oversee - and how ‘relevant’ they have to seem but I think overseers need to be aware.

I'm struggling to see the positive applications in this tbf. The idea insurers would think ‘pay out early on adjustments and useful medical support (rather than undermining support) to prevent them getting permanently worse’ would be a heeded message seems cloud cuckoo so…

 

And yet while ‘try’ remains in there…