At no other time in its history has the inadequacy of the UK’s National Health Service been so apparent than this year, its 75th anniversary. Pay disputes have seen weary junior doctors, nurses and consultants take to picket lines with increasing regularity, while stories multiply about fatal delays to ambulance callouts and patients trapped in hospitals unable to disgorge them into the social care system. Warnings, too, are being issued about the ability of the NHS to deliver safe and effective maternity, dental and cancer care because worn-out staff are leaving the service in droves. Few are tempted to replace them, with vacancies now topping 112,000.
Various treatments have been proposed for these symptoms, including aggressive recruitment drives, GP contract renegotiations and good old-fashioned funding transfusions. Another school of thought, meanwhile, holds that the NHS could make better use of the resources it has, not least the vast amounts of patient data pumping through its sclerotic IT systems on a daily basis. Most of this information is siloed in GP surgeries and hospital trusts. But if the world’s most famous public healthcare system could bring all of that data together, medical technologists argue it could allow NHS leaders to not only allocate resources more efficiently but also plan more effectively for disaster scenarios and trigger new breakthroughs in medical research.
That was more or less the pitch US tech firm Palantir made to Lord David Prior, chair of NHS England, in July 2019. “Thank you for hosting such an interesting dinner and also for the watermelon cocktails!” Prior emailed Palantir’s UK chief, Louis Mosley. “If you can see ways where you could help us structure and curate our data so that it helps us deliver better care and provides a more insightful database for our medical research do be in touch.”
While it isn’t unusual for ministers and civil servants to have regular contact with private companies (though “whether it’s best done over £60 cocktails is another question,” author Peter Smith told the BBC at the time), Palantir was not then a logical suitor for NHS data contracts. Founded in 2003 to provide analytics software to US intelligence services, its experience in doing the same for major healthcare organisations was limited at best. It hardly mattered. A few months later, the NHS became the vanguard of the UK government’s fight against Covid-19, and ministers commissioned Palantir to integrate its ‘Foundry’ data dashboard platform into the service’s new ‘Covid-19 Data Store,’ the better to inform their responses to the disease’s spread.
That data repository has become the template for a much larger, £480m database called the Federated Data Platform (FDP.) By pooling data hitherto siloed in 42 Integrated Care Systems, NHS England hopes to provide clinicians with new and practical insights on how many patients are being treated by the service, and why. “The platform is an operational tool that we are buying for NHS organisations to make better use of their own data – in real time – to make operational decisions,” an NHS England spokesperson told Tech Monitor. In time, advocates hope it will lead to additional efficiencies across the organisation and, perhaps, lead to new medical breakthroughs.
By virtue of its involvement in the Covid data store and other pilots, Palantir is the frontrunner to build the FDP. It’s a prospect that fills Foxglove’s Cori Crider with dread. The activist and lawyer decries the relationship between the company and NHS England as opaque, expensive and catastrophically corrosive to public confidence in the latter as an effective data controller.
“We are troubled by the ‘Groundhog Day’ episode in which somebody decides, ‘Oh, I want to get data done in the NHS, I can do it by cutting one company a cheque and secure public assent for this later once we sign a contract,’” says Crider. “It’s failed in the past and, if they don’t pause and think, I think there is a huge risk that it will fail again.”
Palantir 101
Alex Karp is not your typical tech bro. During a wide-ranging interview at Davos earlier this year, Palantir’s co-founder and chief executive recalled how an initial passion for jurisprudence that led him to Stanford Law School soured when he realised he hated everything about the university. “But,” said Karp, “it gave me a lot of time to read philosophy and talk to random people on the campus, including my buddy, Peter.”
‘Peter’ was Peter Thiel, who would go on to found PayPal and become one of Silicon Valley’s most successful investors. In 2002, Thiel pitched Karp the idea of running a new start-up. “We’re going to take the back end that we used at PayPal to stop cybercriminals and we’re going to turn it into a product, and we’re going to sell it to the intelligence services,” said Thiel. Despite having no qualifications in software engineering, Karp immediately agreed to become the new company’s CEO.
Named after the magical orbs used by the evil Lord Sauron to communicate with his minions in Tolkien’s Lord of the Rings trilogy – aficionados of the films will remember the moment when one of these spheres leaves the hobbit Pippin briefly gibbering on a longhouse floor – Palantir provided analytics services capable of securely distilling dozens if not hundreds of distinct dataflows into a single platform. It quickly earned a reputation for radical pragmatism in its choice of clientele. Crider first heard of the company during her term as the head of Reprieve’s abuses-in-counterterrorism team. In her estimation, she recalls, this was “a company who mainly enabled the pointy ends of state power to do pointy state power things,” more than happy to furnish data dashboards to the CIA (also early investors) and raid-planning systems to the US Immigration & Customs Enforcement (ICE) agency.
Karp has been unrepentant about Palantir’s work with intelligence and law enforcement agencies, crediting his company’s software with helping to stop major terrorist incidents (“Without Palantir, the far right would be in a position of dominance,” he told audience members at Davos.) Nevertheless, the firm was one of many tech companies that successfully portrayed its products and services as transferable to other, more mundane application areas during the pandemic, argues Linnet Taylor, a professor at the Tilburg Institute for Law, Technology and Society. “What Palantir offers is simplification,” says Taylor – an enticing proposition for a government scrambling for tools to respond to an unknown virus, and likely more so when that company proposed to work on an emergent COVID-19 Data Store for just £1.
It wasn’t the only area where the British government enlisted the company’s assistance. It was Palantir dashboards, for example, that helped ease post-Brexit cross-border chaos and, at extremely short notice, expedited the resettlement of Ukrainian refugees in homes up and down the UK. Palantir’s products have been used in data analysis and operational decision-making at the Ministry of Defence, assisted in modernising Highways England’s digital back-end as part of a billion-pound tender, and can be seen throughout the NHS, where Foundry can be found powering the NHS’s ‘Pilot Faster Data Programme’ to paint a daily picture of hospital admissions across 35 trusts, patient discharge application OPTICA, and the Improving Elective Care Co-ordination for Patients (IECCP) programme.
It is this latter relationship that has proven the most controversial. That begins with fears among some that the two are ideologically incompatible, reinforced by the company’s extensive work with intelligence and law enforcement agencies and controversial statements made by Thiel comparing British affection for the NHS to Stockholm Syndrome and suggesting parts were ripe for privatisation (a Palantir spokesperson at the time clarified that Thiel was speaking as a private individual, not in his capacity as the company’s chairman.) “In theory, you just rip the whole thing from the ground and start over,” he told students at the Oxford Union in January. “In practice, you have to somehow make it all backwards-compatible in all these ridiculous British ways.”
It is true that Palantir has an open-minded attitude toward its choice of clientele, its spokesperson told Tech Monitor. “We see our role as technologists ensuring that those on the front lines have access to the best technology,” they said, adding that it refuses to work with China, Russia, or entities with proven human rights violations like the Thai Royal Police. “But, we also recognise that there are legitimate policy issues related to the work of our customers and their use of our software that should be debated by policymakers, not decided by Palantir – in other words, determined through political processes and institutions in our democracy, not by corporate fiat.”
Karp himself has indicated a distaste for Palantir’s software being used to manage data acquired through facial recognition and claims to have voted for Hillary Clinton in 2016. Taylor remains unconvinced, however, that the company is just being guided by free market pragmatism. While Palantir now boasts services for banking, humanitarian work and auto racing, she argues it continues to show a troubling enthusiasm for operationalising the kinds of controversial government projects other major tech companies normally shy away from. “It’s not like Ben and Jerry’s is suddenly bidding for contracts with the NHS,” says Taylor. “It’s not the same thing.”
Transparent accounting
In the here and now, what does that mean for the security of patient data? Sam Smith hopes that the answer is ‘not much.’ “My entire job is basically dealing with people who should [know data security] but don’t, and given Palantir’s other customers are banks and spooks, those organisations hopefully have more [of an] idea than we do,” says the policy coordinator at MedConfidential.
Both Smith and Crider, however, have deep misgivings about the transparency of the relationship between Palantir and NHS England. In 2020, for example, it took the threat of legal action from Foxglove and others before NHS England released Palantir’s contract to help run the COVID-19 Data Store (“We were on our way to court, more or less, with the papers when they decided to come and publish the contract,” recalls Crider.) After that contract was renewed, first for £1m and then for £23m, the NHS subsequently promised that future deals would be more transparent. Since then, however, the service has yet to release any of the code it has used to adapt Foundry dashboards. “They’re refusing to share anything,” says Smith. “That doesn’t sound like a public body being transparent.”
For its part, Palantir says that it’s extremely proud of what it’s helped the NHS achieve using Foundry, citing several glowing testimonials about Foundry’s effectiveness from ministers, doctors and technology managers within the NHS. “Critically, it is getting results,” its spokesperson told Tech Monitor, “including a vaccine rollout widely considered one of the best in the world [and] a 28% waiting list reduction at Chelsea and Westminster NHS Foundation Trust.”
Not every experience with Foundry in the NHS has been quite so positive. In March, health minister Will Quince revealed that nine pilots using the platform had been paused, while another two had been ‘suspended.’ The circumstances behind the suspensions remain unclear. Palantir told Tech Monitor that the IECCP pilot it is running in collaboration with the NHS is currently live in four of the trusts mentioned in Quince’s answer. An NHS England spokesperson, meanwhile, ascribed the suspensions and pauses to ‘operational pressures’ arising in those trusts that do not have the capacity to work on the pilots. Details on what this practically entailed for the trusts where pilots had been ‘paused’ were forthcoming in another answer Quince gave recently in reference to Newcastle Hospitals NHS Foundation Trust. Meanwhile, a spokesperson for Liverpool Heart & Chest Hospital stated that it suspended its use of Foundry because staff had decided “it didn’t meet our needs.”
Elsewhere, clinicians within the NHS have complained anonymously that Foundry was not ‘user friendly’ and did not afford them the ability to perform useful data manipulation. Crider heard similar claims from NHS staff during her research for a parliamentary briefing for MPs earlier this year. “I am sure that, for some central managers, the idea of a neat dashboard showing them everything at all times is pretty seductive,” she says. “But when you ask people both from the Data Store days about their experience, or let’s say a local hospital trust about how useful they found it, you get people who say, ‘Well, actually it didn’t talk back to us at all, and we didn’t have the information in real time that we needed, so we created a parallel system in bloody Excel.’ I mean, genuinely, that is what somebody from West London said to us.”
Foxglove’s report also criticised Palantir for encouraging vendor lock-in to its Foundry software by rendering it incompatible with data science tools customarily used by NHS data scientists, such as Jupyter Notebook. Palantir vigorously pushes back against these claims. Its software, a spokesperson told Tech Monitor, “has interoperability at its core,” supported and underpinned by its use of “Python, standard testing frameworks, standard build and dependency management tools.” They also added that Jupyter Notebook is now supported, “following feedback from analytical users, including NHS [users] natively in the platform.”
Could the NHS have conceivably adapted secure, open-source alternatives like OpenSAFELY or OneLondon, or even have built its own solution from scratch? Perhaps – but the NHS does not seem to be entertaining that possibility. While other government organisations have transitioned away from using Palantir products in favour of other solutions – see, for example, ICE’s recent replacement of its infamous FALCON contract with an in-house platform – the service apparently does not have the capacity. “Given the pace and scope of what the NHS needs, it is not viable for us to build our own [FDP], as we do not have specialist software development skills to do so in-house,” an NHS England spokesperson told Tech Monitor.
This ignores the potential of the service’s own data scientists, says Smith, notwithstanding the 3,000 vacancies for tech roles across the NHS. There’s nothing in Foundry that he’s heard about, he adds, that couldn’t be replicated by NHS coders in roughly a week or two. “When you’re buying the drug Orkambi, you’re buying something that nobody else can make,” says Smith. “When you’re buying Palantir, what you’re buying is the warm, fuzzy feeling for your managers that you’ve bought the thing that they’ve seen all the ads in Playbook about… it succeeds by making them feel better about the problems that they have.”
Eating the public sector
Many expect Palantir to win the first £480m contract to build the platform in the autumn, especially after the company was directly awarded another contract worth £24.9m to help the NHS transition between the Covid data store and the new system in June. During a recent House of Lords debate, the undersecretary of state for health defended the government against accusations from the British Medical Association and the opposition that the tender was opaque and uncompetitive. “It is normal in these situations that, when you need transition arrangements, you do not want hospitals left in the lurch,” said Lord Markham. “You need a transition so that, whoever wins the new bid, hospitals are safe in the meantime.”
Critics say it’s more indicative of preferential treatment dating back to 2019, the result of Palantir’s closely lobbying ministers and NHS officials (“We absolutely reject this claim,” a company spokesperson told Tech Monitor, while NHS England’s spokesperson insisted that the organisation is “conducting an open and transparent procuring process” for the FDP.) For his part, Smith is worried that the NHS is in danger of embracing yet another highly expensive and unproven IT system. “There’s no assurance anywhere that this will work,” he says, referring to the paused and suspended pilots. “And, once you’ve spent half a billion quid, if you find out afterwards it doesn’t work, you have a problem.”
Whether or not Palantir does win the contract, Crider believes the consent framework for data collection under the FDP is unfit for purpose. While patients cannot opt out of any data collection and processing undertaken by the NHS for the purposes of providing care, they can choose to deny collection for ‘secondary use purposes’ under the National Data Opt Out.
That system is an unnecessarily blunt instrument, argues Crider. In addition to potentially skewing many of the datasets within the FDP that NHS managers hope will make their lives easier, she says, “pulling the big red lever ejects people’s data from many purposes they might actually tend to support.” Many still will, says Crider, citing a recent YouGov survey that found 48% of respondents were willing to opt out if the FDP was run by a private company, as well as similar opt-out rates in other NHS data projects like the GPDPR.
What if that company was Palantir? The company’s spokesperson was unwilling to make specific comments on a live procurement process but was keen to outline the limited role the company perceives itself as having in NHS data collection and processing. “We don’t collect or monetise our customers’ data,” said a company spokesperson. “We simply give them the tools so they can organise and understand their own information…precisely because our software is used in some of the most sensitive information environments in the world, it is built to ensure data sharing is controlled, auditable and in accordance with customer-defined purposes only.”
It may still be challenging for Palantir to overcome critics’ fears about the firm, which often seem to spring from the contradiction between the right-wing statements of its co-founder and the firm’s work in socialised medicine – see, for example, BBC Radio 4’s Nick Robinson grilling Karp on whether patients have “anything to fear” from the firm’s interest in NHS data. But the implication that Palantir is somehow hellbent on reselling identifiable patient data is misplaced, explains Taylor.
“It astonishes me the extent to which otherwise rational inquiry has bought into the notion that personal data is where it’s at,” she says. “There’s absolutely no reason why a defence contractor and security analytics firm would care about individual data on NHS end users.”
All that Palantir is really interested in, explains Taylor, is building and selling its data dashboards to as many government ministries and departments as possible. The FDP contract with the NHS has not only been described inside the company as a ‘must-win’ because it’s lucrative, she adds, but because it’s an invaluable opportunity to learn how data flows within one of the world’s largest public healthcare organisations. Success in this area can then be used to inform pitches to every other national health service around the world. “I think Palantir will get involved in anything,” says Taylor. “I don’t think it has some moustache-twirling plans to wreck the health sector.”
Palantir’s hardly the only big tech company to see government itself as a key revenue stream. Microsoft and Amazon, for example, have been striking deals to provide cloud, cybersecurity and defence applications for many years. The wave of automation and deregulation that took place after the pandemic has seen that relationship only deepen. In 2022, for example, Google launched a dedicated public sector division. The search giant “has been doing pro-bono or low-bono work with cities, particularly in the developing world, for a long time,” says Taylor. But this should not be seen as charity work, she adds. “Its [aim is] to build business overall. It’s not to get better at serving London or Dubai.”
It is simply a fact of life that governments and municipalities rely on striking partnerships in the private sector to keep public services running. But an increased reliance on multinational tech firms by the public sector since the pandemic, argues Taylor, has inevitably led to an erosion in accountability about how these services are run. “Government was okay with being manipulated because of the pandemic,” she says. “The emergency context allowed them to decrease protections, to decrease oversight, to create very opaque situations with the companies that they were doing deals with – and to escape scrutiny.”
Clearly for these relationships to work in the public interest and remain value for money, governments around the world need to run open and transparent tenders for technology contracts. Right now, Taylor fears that isn’t happening nearly enough. “I think that’s one thing that’s really stayed from the pandemic, is the idea that tech will save us,” she says. The reality may be more opaque and undemocratic.