NHS England Expands Data Access for Palantir Contractors
NHS England has recently implemented a new administrative role within its Federated Data Platform (FDP), granting external contractors, particularly Palantir, broader access to patient data. This decision, revealed through a leaked internal briefing note, has sparked concerns among patient groups and Labour MPs.
Background:
Palantir secured a £330m contract in 2023 to manage the FDP, a system designed to consolidate operational data from various NHS trusts for improved planning, waiting list management, and resource allocation. While identifiable patient information is intended to remain within a secure environment, known as the National Data Integration Tenant (NDIT), the new admin role allows external staff access with a single approval, eliminating the need for individual Controlled Data Access (CDA) requests.
Key Points:
-
New Administrative Role: NHS England has introduced an "admin" role granting broader permissions to approved external staff on the FDP. This bypasses the previous case-by-case CDA approval process deemed too cumbersome.
-
Contractor Access: The change applies primarily to Palantir, the primary external contractor on the platform, but also includes other consultancy firms supporting the program.
-
Security Clearance: External access requires government security clearance and approval from a senior NHS England official.
-
Patient Group Concerns: Patient groups and Labour MPs express concern about this shift, describing it as "dangerous." Rachael Maskell, a Labour MP, urges ministers to intervene, while medConfidential highlights the significant change in data governance within the largest NHS data program.
-
NHS England Defense: NHS England asserts that the change has been internally approved and that all access remains subject to legal and clinical safety frameworks. Palantir previously stated they process NHS data only on instructions from NHS England and do not own or commercialize underlying data.
This move reignites a longstanding political dispute surrounding the FDP contract, raising questions about data privacy and security in the UK's national health service.