MPs have criticized NHS England's decision to allow Palantir access to identifiable patient data, calling it 'dangerous' and a threat to data privacy. Concerns have been raised about the lack of public consultation and the potential loss of trust in the health service.
Key points
MPs warn NHS's decision to grant Palantir access is dangerous
Concerns about data privacy and public trust
Palantir awarded a £330m contract for NHS data integration
Access granted before data is pseudonymised
Patients Association calls for transparency and consultation
Mentioned in this story
NHS EnglandPalantirPatients Association
MPs have warned that an NHS decision to grant Palantir access to identifiable patient information in its plan to use AI to improve the health service is “dangerous” and will fuel public fears that data privacy is not being prioritised.
NHS England has allowed staff from the US tech firm and other contractors access to patient data before it has been pseudonymised, despite internal fears of a “risk of loss of public confidence”, the Financial Times reported.
The health service made the move to allow Palantir to access the data in recent weeks according to the reports, which revealed an internal NHS briefing that said it would allow “unlimited access to non-NHSE staff” to part of the NHS’s federated data platform (FDP), which holds identifiable patient information.
Palantir, which also supports Donald Trump’s ICE immigration crackdown and the Israeli, US and UK militaries, was awarded a £330m contract to help build the FDP, installing AI systems to integrate scattered health datasets and bring efficiencies to medical treatment. But the deal has been dogged by warnings from campaigners and MPs concerned about the security of patient records.
The Patients Association said it was “concerned” patients were not consulted on a significant change to who has unlimited access to patient data. Rachel Power, its chief executive, said patients wanted “transparency, clear boundaries around access to their data, and to be consulted when changes to those agreements are proposed”.
The leaked NHS England briefing acknowledged the “considerable public interest and concern about how much access to patient data Palantir/Palantir staff have”. In 2023, shortly after the deal was agreed, NHS England said it would ensure “personal data remains protected and within the NHS at all times”.
NHS England stressed external consultants requiring data access must have government security clearance and that it had “strict policies in place for managing access to patient data”. With hundreds of different datasets in the FDP system, it was becoming time-consuming for contractors, including Palantir engineers, to apply for individual permissions. Instances when they did see identifiable patient data while working on the system’s “pipelines” were logged. They did not have permission to remove the data from the NHS, Palantir said.
Q&A
Why are MPs concerned about Palantir's access to NHS patient data?
MPs believe that granting Palantir access to identifiable patient information is 'dangerous' and could undermine public trust in data privacy.
What is the purpose of Palantir's contract with NHS England?
Palantir was awarded a £330m contract to help build the NHS's federated data platform, using AI to integrate health datasets and improve medical treatment efficiencies.
What are the implications of allowing non-NHS staff access to patient data?
Allowing non-NHS staff unlimited access to identifiable patient data raises significant privacy concerns and risks losing public confidence in the health service.
How has the Patients Association reacted to the NHS's decision?
The Patients Association expressed concern over the lack of patient consultation regarding changes to data access, emphasizing the need for transparency and clear boundaries.
Philippine presidential hopeful Sara Duterte impeached for second time
Philippine Vice-President Sara Duterte has been impeached for misusing public funds and threatening President Ferdinand Marcos Jr. This impeachment could jeopardize her 2028 presidential ambitions as she faces a Senate trial.
See every story in News — including breaking news and analysis.
Rachael Maskell stands in front of a stone rampart at a castle in York. She wears a pale cream jacket and has long fair hair, tied back. The sky is blue behind her.
Rachael Maskell, the Labour MP for York Central, asked the government ‘to get a grip on this project before it is too late’. Photograph: Richard Saker/The Guardian
But the MP Rachael Maskell, a former NHS worker who is calling for the Palantir project to be stopped, said: “As Palantir get their claws deeper into our NHS data we can see how it is opening it up to greater private interest. This is a dangerous development and I ask the government to get a grip on this project before it is too late.”
Palantir said it was a “data processor” and not a “data controller”, meaning that its software could only be used to process data precisely in line with customer instructions. “Using the data for anything else would not only be illegal but technically impossible due to granular access controls overseen by the NHS,” it said.
Martin Wrigley, a Liberal Democrat member of the Commons technology select committee, said of the NHS move: “This somewhat cavalier attitude to data security demonstrated how this whole project does not have security by design at its heart. The public will be rightfully concerned that data privacy is not the first concern.”
Palantir is facing opposition to its widening role in the UK public sector. Last month the Guardian revealed the company is closing in on a deal to widen its work with the Metropolitan police to use AI to analyse intelligence in criminal investigations, while hundreds of thousands of citizens and numerous backbench MPs oppose its role.
Polling last week showed more than two-thirds of the UK public are concerned at Palantir’s growing number of public contracts and 40% distrust it to not access NHS patient data, despite the company repeatedly insisting it cannot and will not do so.
Tom Hegarty, the head of communications at Foxglove, a tech equity campaign group, said: “NHS patients never consented to have their data accessed by a company like Palantir whose record is in targeting people, not caring for them … Once again: Palantir fails the trust test. The government should … cut Palantir out of our NHS once and for all.”
NHS England has been approached for comment. It told the FT it monitored the work of engineers, and “anyone external requiring access must have government security clearance and be approved by a member of NHS England staff at director level or above”.
