Tag Archives: biobank

Biobank’s (April) Breach in Context

You may have seen, well, all over the news, that Biobank has done the emperor’s new clothes thing after losing data nearly 200 times that were counted (plus more that were not)…

Biobank have lost control of the data

These failures show that Biobank volunteers’ data is ‘out in the wild’ as researchers implied last year but Biobank did nothing about it.

Biobank itself doesn’t know who has got it and is being forced to resort to filing “take-down notices” on the various copies of (various amounts of) Biobank volunteers’ (medical and DNA/genomic) data that are popping up all over the place. Biobank aren’t very good at it.

Alibaba was just the latest incident, which Rory once again played down – both to the Biobank volunteers themselves, and to the British public. Biobank volunteers’ data should never have left Biobank’s (so-called) ‘Secure Data Environment’. Full stop. UK Biobank offered a download option from an environment they told their users was secure; this was after they told people they had ceased downloads. We’ve summarised the ongoing messes in various documents over years. 

“De-identified” health data is eminently re-identifiable, as The Guardian proved a few weeks ago. It is not ‘anonymous’ data – it is sensitive personal data.

Did Biobank volunteers sign up to having their data sold to eugenicists, insurers, shell companies registered in the office that (also) serve as fronts for QAnon conspiracies, TikTok’s holding company in the Cayman Islands, or sending their DNA and medical history to an undergraduate course in China?

How did the people on that undergraduate course get approval for access? Did Biobank simply give access to anyone who the university said was on the course? Does it have any way to know any of that? UK Biobank has defended itself by saying Yale had a previous failure that it was sanctioned for. If you look at the Biobank project list there is no obvious project which has been closed for breaking the rules, but there are many ongoing projects as if there was no problem at all. Any sanction must have been so minor there’s no public disclosure of any of it, but Rory decided to pick on them to save his job (or NHS England can publicly confirm contemporaneous reports of breaches).

Is this behaviour what the public and patients should expect from the new Health Data Research Service?

HDRUK and Biobank share a culture

This systemic, cultural problem does not only apply to Biobank… 

In their email to their participants, Biobank direct readers to this page which says protections are “within the ‘Five safes’ framework.” We know HDRUK and UK Biobank share a culture, which is to undermine the framework by reckless and unsafe changes.

Polly Toynbee might be happy to have her medical history and genome on the internet – that is her choice to give it to Biobank and her decision is informed by her close relationship with UK Biobank leadership who insist they never do anything wrong – but would the 499,999+ others make the same decision about their data and tissue and blood if Biobank had told them up front that “research” might include sending their data to all of these outfits? That Biobank knew their system allowed downloads, but didn’t want to talk about it because staff hoped no researcher would notice? Did they tell Polly that?

Biobank tells GPs that “Careful checks are in place to ensure confidentiality and data security” which clearly isn’t true. The same page has a GP quoted by Biobank saying: “With its internationally respected managed access model and robust data protection, UK Biobank ensures this enhanced resource will drive innovation responsibly”. It wasn’t true when Biobank published it in February, and isn’t true now.

UK Biobank has started talking publicly about another wave to their cohort, which is an opportunity to give all members the ability to give a fully informed consent to continue participating. (Or, if they don’t respond, to have their data flows stopped? Or will people still have to beg the Biobank call centre for the secret form to fill out and return to end their participation? What will they be told about this debacle?)

With Wes Streeting breaking ‘pandemic-only’ promises about uses of patients’ GP data (having been lobbied to do so by Biobank…) and with his intention to suck up everyone’s GP data into his ‘Single Palantir Record’, this is an issue that could (and will, if the government doesn’t stop steamrollering ahead) affect everyone in England.

Biobank insists that this time their catastrophes are different. We know how that always goes… 

===

Find out what happens next: Sign up for our newsletter (we don’t email often) or get small frequent updates via Substack — free to follow, and we are grateful to all those who can donate to help more of this work.

The latest Biobank Screwup (April 2026)

Unsurprisingly, little has changed since the data was last lost in March, and it is reidentifiable.

Today there was a ministerial statement in the House of Commons about a new breach (at noon exactly).

Biobank claim that the data is “deidentified” – all that means is that you can’t find someone you don’t know; if you know anything about someone, you can read off the rest of their health record.

A series of terrible decisions by Biobank’s outgoing leadership have all come together at once.

That UK Biobank have referred themselves to the Information Commissioner shows they know this was personal data. It was personal data.

Biobank told their funders, their members and others that they operated a secure data environment, while allowing their users to download whatever data they wanted.

Will the “Biobank Direction” be rescinded?

They lost a lot of data

“In its statement, Biobank said the type of data offered for sale included:

• Population characteristics such as gender, age, month and year of birth;

• Assessment centre data including attendance date, socioeconomic status, lifestyle habits, mental health, self-reported medical history, cognitive function and physical measures;

• Measures from biological samples including haematology, biochemistry, metabolomic and proteomic;

• Online questionnaire data on sleep, diet, work environment and mental health;

• Health outcomes data on ICD-coded diseases, cancer diagnosis date etc.”

(source)

There’s more in our next blog post

===


Why the Biobank breaches matter to you

[if you are looking for opt out instructions, they’re on our how to opt out page]

[This was written in March, before it emerged UK Biobank data was for sale on e-commerce sites]

The “pandemic-only” promise about uses of GP data has been torn up in favour of Biobank

The Guardian then found the full patient-level NHS hospital data given to UK Biobank about its volunteers had been posted to the internet on several occasions – with signs of hundreds of instances of rule breaking and smaller breaches. UK Biobank insists that the NHS hospital records of their cohort are not personal data, despite The Guardian being able to reidentify individuals’ full hospital histories from other information in the dataset.

Why does this matter if you’re not one of the half million people in Biobank? It matters to you because the data leaked by UK Biobank is the same linked, patient-level NHS hospital data that is routinely sold (in full or in part) to hundreds of other organisations. And, even if you have opted out, your data is usually included.


The latest (March 2026) Biobank mess (and consequences for everyone else)

Even before these new revelations, UK Biobank had a very long list of unanswered questions (that PDF was published earlier this week and now needs extending). At the same time, Mr Streeting has decided to give Biobank data from GP records that was collected under a promise it would be used only for the pandemic.

What did the Minister know when he signed the Biobank direction? What did those who publicly supported the Direction know? Did Biobank tell them everything?

Why this matters even if you’re not in Biobank:

The Biobank direction means the “pandemic only” dataset can now be reused however Mr Mandelson’s political protégé decides – GPs have been given no choice because NHS England already has the data and uses it however they are told. This action already destroys trust for the next pandemic, and undermines promises being constructed for Mr Streeting’s Single Patient Record plans where he’ll make political promises around becoming data controller for your medical notes. Apparently this is the acceptable approach and standards for where your data will go in the National Data Library.

Biobank data is still published on the internet

The Guardian has reported that the NHS hospital data of UK Biobank participants was repeatedly published by Biobank users, and some of it is still publicly available months after Biobank was first told that Biobank patient level data was published online. This notification was before the Direction was signed which will allow “pandemic only” GP data to flow to Biobank to be used like the rest of the Biobank data.

The statement on the Biobank website completely omits that this happened and this remains the case.

Biobank admit they don’t know who their users are

Biobank have sent many legal notices to have material taken down from the internet.

UK Biobank admits that, in every case where they send a legal notice, that is because Biobank’s attempts to identify and contact the researcher have failed. Either Biobank don’t know who the researcher is, or the researcher doesn’t care enough to reply to the Biobank email. 

It is clear that Biobank does not know who their active researchers are, because if Biobank did know who the users were, Biobank would not have to resort to takedown requests for accounts they cannot identify.

In any event, Biobank gave them (or someone) access to that data in the first place – the application form is short and woefully insufficient, but it does have a space for an email address. Researchers ignore emails from Biobank alongside ignoring the Biobank rules that Biobank say protect the NHS data they share.

Since Biobank resorted to these legal means, did Biobank notify NHS England they were doing this over NHS sourced data? 

That’s before we consider approved data use in Chinese undergraduate teaching – the lecturer is granted access, but the students get it too and Biobank has no way to know who they are.

Biobank blame their victims for Biobank’s failings

UK Biobank simply claims that no Biobank member has been harmed, and if they have, then it’s their own fault.

If you’re in Biobank, and if anyone knows anything about your medical history, they can potentially read it all. Apparently the bland text on page 23 of this newsletter was Biobank telling you about the risks you had chosen to take, and Biobank would allow researchers to take.

Given the nature of researcher conduct, it is not possible to guarantee that there are no further examples.

NHS England did a “consent audit” of Biobank, which Biobank says they passed. Is this victim blaming what NHS England’s audit found and approved? 

To quote Biobank’s newsletter “In everything we do, we ask, what would participants expect from us?” so are the Biobank statements what one would reasonably expect?

Biobank’s [ public statements ] are incompatible with their [ redacted ] 

[redacted until Biobank fix it or decide they’re willing to take that particular risk with their cohort]

The Guardian work shows how easily NHS patient data is re-identifiable

The Guardian’s efforts confirm that if you know one health event for a person, you can read off all the others through the linking pseudonym, the EID that Biobank’s response argues is so immaterial that it can be published repeatedly on the internet without consequence. 

The Biobank response also argues that if data they have lost control of leaks (as it has), and anyone who knows anything about your health uses their lost data to find out more, then that’s your fault.

The Department of Health in England makes the same self-serving argument – they take risks with your data and will blame you when they go wrong. Everyone treated in an NHS hospital is in the hospital datasets that NHS England sells, usually without respecting the National Data Opt Out. 

UK Biobank’s sole remaining defence is that it’s difficult for someone you’ve never met and who knows nothing about you to reidentify you – which doesn’t address the fact that you have met many people who know something about you and your health and can now potentially read everything; or the Department of Health in England can stop making stupid mistakes.

None of this is new; the flaws and risks were discussed at length in Chapter 4 of the 2022 Goldacre Review.

For Biobank participants who now wish to withdraw

We have heard that participants have withdrawn from Biobank because of their failings over recent years. Biobank claims privately no one has told them they’ve withdrawn for this reason, but then, participants don’t have to give Biobank a reason for withdrawing.

If you’re in Biobank and wish to withdraw, they make you email them for the form. You are required to know your Participant ID, which Biobank probably told you 20 years ago, you can find on some communications from them, or simply download it from the internet with most of your hospital record if you know where to look…

You can withdraw from Biobank; you won’t be allowed to withdraw from the National Data Library.

Biobank’s reckless disregard for personal data has infected the “National Data Library”

The HDR/Sudlow Review argues that all public sector data should be linked (one topic in the ID cards consultation) and used like Biobank. At the Review launch, the former Chief Scientist of Biobank said Biobank has “one of the best systems” for data access, and Biobank data should be “used as widely as possible”, and has now been rewarded with a seat on the National Data Library advisory board.

Biobank’s actions exemplify Mr Mandelson’s culture being applied to NHS data (increasingly so via the Biobank direction), and it will cover everyone everywhere in the UK via the National Data Library.

Unless DSIT agrees that the UK Biobank approach to those in their dataset as covered above will be that of the National Data Library, DSIT should remove Prof Sudlow from the advisory board. Biobank’s public response is the responsibility of the current Biobank senior leadership (most of whom should also resign in disgrace, but won’t as they blame the victims rather than accepting responsibility for their decisions; and wisely no one appointed them to an NDL seat). Responsibility is known and admitted for how Biobank ended up in the mess they have put their cohort in, the only question is whether there will be any consequences for that.

==

In addition to our annual-ish newsletter, you can also join our free substack to get emailed whenever we post some news or commentary.

Government tells NHS that GPs should misinform patients

[14 March: this piece was written and published before The Guardian disclosed that UK Biobank (who will receive the GP data discussed in this piece) had repeatedly leaked NHS data onto the unrestricted internet. We’ll update this shortly, addressing the UK Biobank reassurance which should do anything but – no one knowing about anything in your medical history other than UKB is not realistic, but it is self-serving for UKB. See also A Warning for Experts by Experience]

During the pandemic, your data was collected from every GP under the promise that its use would be for “pandemic only” purposes. That promise is still on your GP’s website. Mr Streeting has decided to tear up that promise and is seeking to do so behind patients’ backs by instructing GPs not to tell patients of the change.

This is going to become a very large mess.

GPs were told in 2020 to put on their websites a promise that the data would only be used for the pandemic. That wording is still there. Mr Streeting has Directed NHS England to reuse the data however he wishes, but GPs have been told that “no action” is required and is therefore not monitoring acceptance – despite the fact that taking no action means the practice website will still be telling their patients that the “pandemic only” constraints are still in effect when they have been torn up and Mr Streeting does what he wants with their data. This is the first time, but there are repeats on the horizon.

And this matters even more because Mr Streeting ‘crossed a political rubicon’ when he signed the Direction saying that the NHS can lie to patients about how data is used. Like a Silicon Valley techbro, his actions show he can make a promise today and break it with a swish of his pen tomorrow. (Of course this also means he could choose to reverse this decision and stick to the “pandemic only” promise; if he doesn’t, the die is cast.)

Latest in a line of breached promises

The secretive charity HDRUK already broke the “pandemic only” rules when they trained an AI on “pandemic only” medical records for any purposes they like. When NHS England asked its independent Advisory Group on Data to assess those projects (item 5.1), the majority did not support them. 

NHS England refused to do a meaningful investigation, instead limiting itself to simply asking HDRUK whether a project was only used for pandemic purposes and believing their answer, despite the assessment of their independent advisors. HDRUK persists with the levels of transparency and accountability of the Boris Johnson administration. 

“Lying to the press is not a crime”, says Baroness Mone, OBE – and the shared culture of HDRUK and Biobank has applied that same principle to patient data.

Biobank still sends patient data around the world and does not disclose which users are given exceptions to Biobank’s supposed rules. Our list of unanswered questions is long. Biobank continue to allow the company related to the eugenicists to access their servers (which are subsidised by UK tax payers), and Biobank claims “Byte Dance Ltd” are doing genomics research via their Cayman Islands holding company, despite claims the project is based in the United States from staff in China. (Byte Dance makes the TikTok app). After Biobank angrily insisted there was no problem with Biobank giving to insurers data that was donated for research, they later quietly slipped out that they had stopped; a US shell company called Flying Troika was never investigated, and Biobank approved last month a new project explicitly to give undergraduates in China real NHS/Biobank data to use in exercises.

This all matters not only because of the plans for a Single Patient Record and the Health Data Research Service, but because HDRUK and Biobank share a culture and say they designed the HDRS. This all matters because of the proposals for a Health Data Research Service, and because of the proposal for the Secretary of State to be Data Controller for the Single Patient Record.

If a patient has a National Data Opt Out covering research, none of their data should go into HDRS. The Biobank Direction threatens that. The published Direction is only for “consented cohorts”, but a future second half is under discussion covering “unconsented cohorts”, which will likely be as broad as HDR’s past requests; cohorts such as “people who have hearts”, or “who are breathing”.

The extent to which HDRS delivers on the goals, delivers for patients, or does neither of those things depends on decisions not yet officially made. As DHSC takes over NHS England, and takes over the data release registers, those DH registers must include all NHS data that flows out of any DH entity, otherwise they are by definition incomplete. The NHS itself has largely avoided data re-use scandals over the last decade by having complete registers of decisions made and where data flowed. They may have got in trouble about new datasets, but the decisions on old ones were clear. (Until HDRUK tore up that consensus by breaking the covid-only rules – will HDRS look more like the transparent governance of NHS England or the secretive cartel of HDRUK or the unaccountable club that is UK Biobank?) There are now many moving parts, and who will gain a short term advantage is unclear.

HDRS could be good

The new Health Data Research Service could be good; it could be consensual, safe, and transparent. But there are widespread concerns that it will not be. (We’ll have more on HDRS soon).

HDRS has the opportunity to get it right from day one, and we see no sign of DH allowing them to do that – the job ad for the Chair/CEO of HDRS said that HDRS decisions will be “directly accountable to Ministers”.

If patients who have opted out of their personal data being used in research are overridden by politicians and HDRS so they have their data used in research against their wishes, then that will likely go as well as some of the other pre-u-turn decisions of this government. 

Patients have choices

Polling says that up to 20% of people think they have opted out, but official statistics show only 5.5% actually have a National Data Opt Out. If a patient is concerned about whether they have opted out, they can check with the online system, and then they need to do the two or more step process to actually opt out: online individually for your National data, and then on paper for your GP data for your whole family, and then a different paper form for National data for your kids! (The previous government designed this system to create administrative barriers to opting out; the new Government hasn’t made it worse yet at least.)


Government is currently going through a ‘process’ (involving push polls about which we have had complaints from those attending the focus groups) to look at whether opt outs should be “reformed” in ways which mean an opt out after some date in the future may do less than the opt out does today. As seen with HDRUK, some in research think patients’ views don’t apply to them – and NHS England doesn’t want opt outs to apply to their “planning” (i.e. everything Government does in health).

It is important for patient confidence that there be “no surprises”, and that genuine transparency shows that promises are being kept or being carefully changed. Without this, how can any patient have confidence in the decisions being made as it takes control of their medical notes in the Single Patient Record?

The Biobank Direction

14 March update: UK Biobank lost most of their NHS data. They say any harm is the fault of patients, not them.

10 Feb 2026 update: The Secretary of State for Health and Peter Mandelson’s political protégé has now Directed GPs to do this. GPs have been told “no action” is needed from them, but they must take the action of informing patients that the “pandemic only” dataset will now be used however Mr Mandelson’s political protégé may decide. GP Data Opt Outs will still apply.

Below written in October 2025:

There’s more to come

medConfidential has seen press reports there is a signed but unpublished Direction implementing UK Biobank’s plan to break pandemic-only promises of data uses, which will place GPs in an impossible position with their patients (which is not Biobank’s problem). It was due to be published yesterday (Thursday 16th October), but wasn’t after news leaked.

While NHS England staff consider a Direction to take effect when they publish it, this one will almost certainly require additional implementation actions before it has any effect beyond the destruction of trust and confidence that comes from the signature demonstrating that Mr Streeting believes it is acceptable for him to Direct the NHS to lie to patients.

The Direction can be held by the NHS England Board and sent back to DHSC for additional work (never to return in the same form). It is unclear what would have happened if DHSC had already taken over NHS England.

This page will be updated in future days

The opt out process continues to work.

The Everyone Database: The HDR/Sudlow Review and where the data legacy of the previous Government goes from here

In a couple of hundred words on the last Friday before Christmas, a short piece talked about what the recent HDR/Sudlow Review means for you and how the Government thinks it will use your medical history and your medical notes in ways you may not entirely like. This blog post is a little longer than that – we look at what they’re already doing and how.

Wes Streeting wrote that patients should be given weight loss drugs because they’re “holding back our economy”. Afterwards, he went into damage control mode. His original quote cut through so far that his response saying “Jabbing unemployed people who are overweight – that is not the agenda”  has made it into the BBC Newscast podcast opening credits. Jabbing unemployed people who are overweight is exactly what he announced. Streeting doesn’t want to be dystopian, but perhaps the important thing is the outcome not his personal intent. 

The Treasury’s instruction to Departments was “stop non-priority spending” and the Department of Health in England then gladly put out a press release on how they were complying:

“NHS England is working with the Office for National Statistics to assess the economic benefits of several health interventions including talking therapies, bariatric surgery, treatment for endometriosis, and the NHS Type 2 Diabetes Prevention Programme.

The analysis will also cover the impact on waiting times, employment rates and earnings while feeding into work by the Office for Budget Responsibility and the government on labour market effects.”

DH/E and HMT refuse to say whether the instruction to prioritise public funds for economic growth, and the instruction “not doing things” that don’t grow the economy, apply to the NHS. NHS England clearly thinks they do. When reviewing the project, NHS England’s Independent Advisory Group on Data (AGD) asked if HM Treasury should be named as a joint data controller for this project (section 5.1.10). In order to prioritise treatments that assist the economy in a fixed NHS budget, the Government will also have to deprioritise treatments that help patients but don’t measure as helping the economy. 

Your health records linked to your tax records is how that is measured, and they’ve already started. The HDR/Sudlow Review covers their perspective on how that should be done and what the Office for National Statistics should do with data. ONS convened the review because ONS has a major problem – they culturally insist they have the support of the public for what they do with data, but they measure that support by response rates to their surveys, and public support has collapsed to only 20% and falling.

In response, like other abusers of power who want to feel they were thinking like Obi Wan, ONS found it easiest to act like Vader. 

The context: All your medical history and medical notes all in one place to be used however the Government wants

The proposal for a Single Central Care Record has been announced and re-announced several times now as Wes Streeting’s “big idea” to help the NHS. It will put your entire medical history inside Palantir/FDP where DH/E can run AIs over it to do “population health management” and where access can be offered to your medical notes anywhere the NHS logo is seen – not just any doctor you see, but any doctor you could see (including private doctors and hospitals). Will any creepy single doctor anywhere in the NHS be able to look up your full medical history including all medical notes? Probably.

At this time we don’t know whether you will be forced to have one of these records, or what transparency will be around where your record is accessed. Given how DH/E are talking about the record, you are likely to be forced to have one as it is for direct care but it is replacing existing systems which do have an opt out, so who knows. The Department of Health in England has repeatedly sided with creeps over their victims.

When thinking what data the HDR/Sudlow Review covers, it is not just your hospital records, but all your GP records and all your written notes, and anything any other part of government (DWP, HMRC, DfE, etc) may know about you, all linked together and available to civil servants with no obligation to disclose what it’s used for unless someone in Parliament asks.

One argument made throughout is that data is only used for “public good”. There is a vast difference between what the Government of the day thinks of as “public good” and what is good for you. Austerity was a public good according to the Government of the day.

When a pregnant woman shares her heart rate readings 24/7 with her doctor for her health, it is the position of HDR/Sudlow that the Department of Health in England should be able to sell those data so they can be mined by anyone who pays the access fee. It is the position of DH/E that there is no opt out for you from the sale of that data – the choice is literally your data or your life… 

HDR/Sudlow in brief: Clubcard Culture sends more data to more places more recklessly

As described on page 167, Biobank wants the Department of Health in England to reuse data that was collected with the promise of “pandemic only”, and give it away to Biobank and others to hand out like any other NHS data. Buried on pg 102 is the desire to collect and share data from your smartwatch and on pg 103 your loyalty card. In practice, that would be the NHS collecting your smartwatch and loyalty card transactions and placing them in Palantir for Biobank and others to copy and rifle through.

One slide from the launch sums it up – it shows Clubcard data and smart watch data being copied to the NHS and onwards to research and commercial use – but that slide doesn’t mention the very controversial HMRC tax data that ONS and NHS are using to change waiting list priorities. Funny that…

Recent research shows that the smartwatch on your wrist can help diagnose a range of conditions earlier, but that level of detail can also be used to

HDR/Sudlow: Biobank as the role model for more recklessness

Proposing that more data goes to Biobank to go to racists doesn’t grow the economy for everyone, it just grows some bank balances. Biobank believes that’s ok (still) because they pay Biobank’s fees.

Speaking at the launch, the report author said the goal was applicants getting data in “days” and proclaimed Biobank have “one of the best systems” for giving data out rapidly (without sufficient checks on who they gave it to).

We must note the Review author’s previous job from 2011-2019 which was getting more data for the disgraced regime at the UK Biobank during the period that the rules were watered down which meant Biobank handed the genetic data of the Biobank cohort to eugenicists, then moved to the mess that is HDR (the two organisations share a culture).  

Biobank continue to angrily deny that people connected to the organisation Biobank gave data to, including the EIDs field, have access to the EIDs field that Biobank gave them (the full investigation).

The Department of Health in England are auditing Biobank, but it’s unclear whether that audit will cover Biobank processes which led to the coverage in 2024, or whether the audit will be narrow and restricted only to questions around insurer access by the Guardian in 2023, possibly also excluding the story from 2022 about Biobank selling data to China (nothing seems to be happening about our 2024 followup to that – Biobank ignored our questions). Biobank’s main concern seems to be whether they have received money from applicants, only checking that the applicant isn’t on Biobank’s list of known racists to reject – a list that will always be incomplete.

The NHS application form is 30 pages, the Biobank version is only three pages. Biobank continue to insist that nothing in those 27 pages matters (and nothing in their contract with NHS England requires them to ask anything in those pages), but the checks are so lax that Biobank didn’t spot an applicant was a bunch of eugenicists operating out of the same fake office as QAnon sites and other scams. That’s the approach HDR/Sudlow and ONS want to apply to all public sector data.

Biobank repeatedly argues that eugenicists keep trying to get Biobank data, and when Biobank catches them they’ll say no (pity about the cases they’ve said yes to). Biobank claim not to understand the approach of making multiple requests until it works, yet Biobank keep repeating their demands that they should get the data Biobank think they deserve without following the rules, and will keep stomping their little feet (and getting meetings with Ministers) until they get what they want – the ripping up of promises to patients.

HDR/Sudlow’s friends shouldn’t have to keep their promises?

Unless patients can see how data is used, the government will get lobbied to break every promise they’ve ever made to patients whenever the day ends in “y”, because no patient can tell the difference. This report is another example of that – HDR/Sudlow Review agrees with Sudlow’s previous lobbying job that their friends should get a free pass out of their obligations.

Following the Review’s recommendation, DH have announced that they’re going to give the “pandemic only” GP data to Biobank and others under terms that are not limited to Covid19 but will be for whatever Biobank, Our Future Health (and others) think they can do usefully with the data in future (and only they get to decide that, no one else has a say).

HDR/Sudlow: only HDR’s Sockpuppets should be listened to

The Review says some things about consultation and engagement, picking winners from amongst consultation respondents by choosing those deemed a “good” consultee because they agree with what HDR/Sudlow wants to hear. HDR has form for this in designing a supposedly “open” call for applications in which UKRI will channel public funds to the “single collaborative bid” HDR chooses to support (the bid of their friends).

Unfortunately and embarrassingly for the authors, the HDR/Sudlow Review was so distracted by ensuring the Review only included the views of HDR that it forgot to suggest anyone else be invited to the group that supposedly should write the rules. The Review was so far in an echo chamber it forgot all it was listening to was itself.

According to HDR/Sudlow (pg 163), those that “would be well positioned to lead on SDE standards” are only “HDR UK [legal entity: HDR], ADR UK (partner with HDR but legally part of UKRI who fund HDR), the UK Health Data Research Alliance [legal entity: HDR], and UKRI’s Data and Analytics Research Environments UK (DARE UK) programme [legal entity: HDR]” and no one else. We have covered at length the ongoing subversion of safeguards by HDR as they continue their cash to cronies grants process and closed shop.

DH/E may be told they’re hearing from four organisations, but all bar one are sockpuppets controlled (in the data controller sense and in the practical sense) and owned by HDR where all the people in the room report up to HDR’s leader Andrew Morris and follow his party line.

Similarly, many of the public engagement groups of which HDR/Sudlow speaks supportively –  PEDRI [legal entity: HDR], DAREUK [legal entity: HDR], etc are again simply HDR hiding behind another logo. The one exception (UseMyData) have staff funded by HDR and other staff paid by NHS England to do engagement work – entirely legitimate but difficult to be considered independent from HDR’s desires around NHS data. 

Biobank and HDR want all data the NHS has, and they act as useful idiots for others who want that data for their own gain, including the Secretary of State who has an idea…

The Review was written to justify what was already being done

The NHS England announcement gives four examples where DH/E knows that there is a clear investment case to be made for funds, which is good for the bits of DH/E managing those waiting lists, but in a fixed budget imposed by HMT, that takes cash away from other treatments. 

Focussing on economic benefits means “economic growth” supplants clinical decision making and prioritisation. The more say HMT has, and the more control the Department of Health in England takes, the less choice your doctors have. 

The obesity work has already been done in the pilot, and now will be repeated with the other three areas (the work is being done by statisticians who like comparability). Ian Diamond talked about the work at the launch of the Sudlow Review where he disclosed that the existing work was done by ONS linking together taxpayer records with their health data, something the HDR/Sudlow review seems to have obfuscated in the Review itself.


All your health records and all your tax records linked, for departments to do with whatever they see fit. Once they’ve done these four areas, it is bureaucratically indefensible not to compare all treatments across all of the NHS – what happens if there’s one that offers more benefit? But it will also show all treatments that have patient benefit but not measurable economic benefit. According to ONS (item 5.1 in April), the organisation making these decisions should be ONS, not the NHS. ONS makes decisions about the value of a statistical analysis, without any regard for the impact on patients or health.


ONS can do this because when NHS England gave them data for statistics purposes, NHS England chose not to respect the National Data Opt Out because it wasn’t identifiable data that would be linked onto your tax records (supposedly). Once ONS got the data for something, it can reuse it for anything. The NHS England Advisory Group on Data was not entirely happy (section 5.1 in October) but NHS England doesn’t appear to care.


Despite the use of tax records being discussed at the launch of the Sudlow Review, the diagram on page 123 of the report notably omits HMRC taxpayer data being in the plans outlined by the Sudlow Review. The mention on page 90 is so opaque you could be entirely forgiven for missing that your tax records are being linked to your health records and data mined in ways you have no awareness of (while academic projects are publicly disclosed, projects internal to government are kept secret as clubcard culture has taken over the “digital centre of government”).

The HMRC/health data linkage is not used to give or refuse care – it is a model used to say what types of treatments help economic growth (and so should be treated faster), and which don’t (and so people can wait longer), in general terms, for people like you.

Simultaneously, DH/E centralising waiting list cleansing and prioritisation in Palantir means DH/E will be centrally setting the criteria for who gets the limited resource of an operating theatre or specialist care, replacing centrally what is currently done by the doctors in your hospital making decisions based on clinical need.

Like equivalent analysts at US health insurers, ONS will claim their findings don’t affect your care, but it is intended to affect the priorities of care provided to people like you for care you may need in future. If the care you need doesn’t promote economic growth then being rich won’t help you, and if you happen to have a disease of the rich then your poverty doesn’t matter. It’s all about “in general” not you specifically. But, diseases of London have a bigger impact on the economy than diseases of Blackpool or the North, so waiting lists in London should be prioritised according to the logic that the previous government used to start the NHS down this analysis path.

The Everyone Database: names, addresses, dates of birth, and all the identifiers used for you across Government linking all the data government has

I’ve previously sat in a UKRI meeting where a Professor spoke at length that he was not suggesting creating a population index or population register, while his slide behind him said he was, and he wanted it to be based on the NHS patient register. They had invited no one from the NHS to that meeting – they weren’t aware (until we told them). “Population Research UK” (another HDR sockpuppet) seems to have got them to do it anyway.  If the meetings of that have started, has anyone from ONS noticed that everyone they’re talking to is basically Andrew Morris in a disguise?

On page 123 the Review discloses what the Database is, and at the review launch, National Statistician Ian Diamond disclosed ONS had already built the “demographic index” and are using it as the link between tax and health records in order to do the analysis of which care to prioritise and which to deprioritise (ie cut).

The inclusion of justice data is particularly troubling – given it is a database of the victims of crime, not just perpetrators, mostly because HDR/Sudlow didn’t bother to think of those in any database as people with rights or concerns (or think of them as people at all).

The National Statistician has a choice

Speaking in 2021, Sir Ian Diamond, National Statistician said:

“There’s no god given right for us to have data. There needs to be a really sound public good reason for collecting data, and using data, and people need to feel absolutely comfortable that their data are being used properly and kept securely and in a way that satisfies all forms of privacy”

Does the National Statistician still believe that? If someone isn’t comfortable with that, for demonstrably good reasons, does the National Statistician want to use their data anyway? How does someone opt out?

At the HDR/Sudlow Review launch, he repeatedly talked about data being “used properly”.

Does “used properly” include the economic analyses that DH/E have announced being done on the data of people who have opted out of their data being used for purposes beyond direct care?

Does “used properly” include using the tax records of people who are given no choice about that at all?

As currently built, the ONS Population Index includes the NHS identifiers of everyone, but could easily have a second field which is only the NHS identifiers of people who have not got a national data opt out, and it is that second field which is used for research purposes. Until DSIT gives a “rest of government opt out” the “NHS national data opt out” is available, especially for NHS uses. The existence and scope for abuse of the Population Index is an entirely different problem (noting also that the spooks want access to everything any entity in the UK uses for anything). What happens when Home Office staff walk across the corridor from their open plan office into the ONS open plan office in the same building and want special access to data?

Some of the other simpler issues can resolve themselves – transparency will come to ONS either voluntarily or from outside. ONS can request a second dataset to which the National Data Opt Out has been respected, which is used for all research proposals (as AGD recommended); or as the HDR/Sudlow Review suggested for Biobank and the Department of Health in England, do promises only apply when it’s easier to keep them than not? Will ONS treat the census the same way?

ONS claims some abstract sense of “public support” for what they do, but they want data this way because public support for their work, in the very real measure of response rates to their flagship survey, is only 20% and falling. ONS claims of public support do not stand up against their own response rates.

== 

(some of these issues came up at the UK Statistics Assembly on 22 January, where we were a discussant in a session)

For those who have followed medConfidential’s team since the 2000s, the institutional funders who focussed on these topics under the previous Labour government seem to have moved on to other areas. We remain grateful for individual donations.

Biobank

(this post was updated several times in 2025, most recently in June)

The angry Biobank response (cached) to 2024’s investigative journalism into where biobank sent data basically boils down to three words on their decision making: “it wasn’t me”.  They have now done the same with new reporting in 2025 (denial, cache). Denying only the “claims in The Guardian” and not anywhere else is a Trump trick.

Now we know what Biobank can’t deny: UK Biobank’s lax processes handed biobank data to racists, hostile states, insurers, and who knows whom else. Biobank now tell their participants they no longer give access to insurers having done so before, having previously insisted “researchers from insurance companies are treated like all other commercial or academic researchers, following specific consideration of this issue by an expert data access committee”.

It is often hyperbole to compare organisations to “Nazis”, however, the Pioneer Fund were established in the 1930s and their advocacy alongside the 1940s German Nazis (ie, actual nazis) is well documented. When the Pioneer Fund’s new leadership gave it a new brand, Biobank decided to give them data. As of early 2025, we understand they still have ongoing access to Biobank’s servers and data, including any data they have downloaded.

Then the Chief Scientist of Biobank says they have “one of the best systems”  sending data to applicants in “weeks and days” and the NHS should release data just like biobank. The Biobank who didn’t spot an applicant was a bunch of eugenicists operating out of the same fake office as QAnon websites and other scams. We have asked Biobank if they warned their users, including the controversial users, that download access was planned to be turned off thereby allowing them to download everything before downloads were closed. Biobank have not responded to that question (or any others).

If you’re in the UK Biobank

If you are in UK Biobank, given the past actions of some of the recipients you may want to consider the effect of Biobank’s choices on you. Resources to support you should appear prominently on the front of the biobank website. If you are biologically related to someone in UK Biobank, it will also affect you.

If you are in UK Biobank, their privacy policy tells you that you can withdraw with “no further use”. UK Biobank (indefensibly) hides the form behind their helpline, requiring you to share your biobank ID or date of birth and the last postcode they have for you in order to get the form (if you do get it, send us a copy and we’ll publish it for everyone who follows you). You can either email back to them (if you want them to try and dissuade you) or post back to avoid emotional bullying by an organisation whose institutional failings handed your DNA to those they promised they wouldn’t. 

What data was involved

UK Biobank has not yet been clear, but if you are in the UK Biobank, you should assume your DNA sequence is at risk of being shared in breach of promises, along with your medical history.

If you’re in Wales or Scotland, that medical history includes your GP data. If you’re in England, your GP data was probably included if your GP used TPP in 2016 – Biobank had been given GP data by TPP, illegally, without the knowledge of the vast majority of GPs – until the BMA found out in ~2017 and data flows stopped; but biobank kept selling access to what they already had.

A small number of EMIS and TPP practices had believed Biobank’s (false) promises and given permission to share data, but 95+% of practices were waiting until the BMA’s scrutiny of UK Biobank’s practices had completed (scrutiny Biobank refused to assist with and vociferously objected to, in the same manner an alcoholic objects to sobering up).

There has been vocal advocacy from the outgoing Biobank leadership (and their friends) in the last year that data should be decided only by interests like the shared culture of HDRUK and Biobank –  political posturing divorced from what is now evident reality. What the new government chooses to do should now be more widely informed.

We’ll update this post as more resources become available. Biobank should place these resources on the front of their website.

In July 2025 Biobank quietly included ~1800 previously undisclosed projects on their website list which had not been updated since July 2024. They also now seem to block the Internet Archive from archiving their project pages in bulk, so we republish all the information on one page which is updated intermittently until they provide their own spreadsheet (here’s ours).