MPs Warn NHS England Decision on Palantir Patient Data Access Raises Privacy Risks

MPs have warned that an NHS England decision to grant Palantir access to identifiable patient information is dangerous and will fuel public fears that data privacy is not being prioritised. The health service allowed staff from the US tech firm and other contractors to access patient data before it has been pseudonymised.

This occurred despite internal concerns about a risk of loss of public confidence, according to reports. NHS England made the decision in recent weeks. It will allow unlimited access to non-NHS England staff to part of the federated data platform, which holds identifiable patient information.

The platform is intended to integrate scattered health datasets and improve medical treatment efficiencies using AI systems. Palantir was awarded a £330m contract to help build the federated data platform. The company said it acts as a data processor rather than a data controller.

Its software can only process data according to customer instructions, and using it for any other purpose would be illegal and technically impossible due to granular access controls overseen by the NHS.

The Patients Association said it was concerned that patients were not consulted on the significant change to who has unlimited access to patient data. Rachel Power, its chief executive, said patients wanted transparency, clear boundaries around access to their data, and to be consulted when changes to those agreements are proposed.

An internal NHS England briefing acknowledged considerable public interest and concern about how much access to patient data Palantir staff have. In 2023, shortly after the contract was agreed, NHS England said it would ensure personal data remains protected and within the NHS at all times.