NHS England and the UK government are coming under fire as internal documents appeared to reveal that hospitals in the country have been ‘ordered’ to share patients’ confidential medical records with US tech firm, Palantir. Though NHS England denies the claims, it is the latest controversy surrounding the health service’s relationship with Palantir, and comes as three organisations banded together to take the NHS to court over its pilot with the CIA-funded company.
An internal document shared with OpenDemocracy reportedly shows that NHS England finance chief Julian Kelly has told NHS trusts they have until the end of March to begin uploading patient information. The letter states that information will be stored in a new central database using Palantir’s Foundry software. The database is called “Faster Data Flows” and will collect daily information about hospital patients, including dates of birth, postcodes and detailed medical histories.
While NHS England has said previously that any identifiable personal information would be altered before it would be shared with Palantir – a process known as pseudonymisation – the latest leaked documents reportedly show the organisation admitting that Palantir will “collect and process confidential patient information”, according to the leak. It is not clear, says OpenDemocracy, what this processing includes.
Palantir has told Tech Monitor that it doesn’t have access to “identifiable medical records through the Faster Data Flow programme” and that it has “simply built the software”.
“Much like our software has been used during Covid-19 to deliver the vaccine rollout and, subsequently, to cut waiting lists and speed up cancer diagnosis,” a spokesperson for Palantir said.
A spokesperson for NHS England said the organisation strongly refuted the claims. “The NHS is not sharing private medical records with Palantir. The safe sharing of deidentified data helps the NHS locally and nationally to plan and allocate resources to deliver better services and outcomes for patients more efficiently.”
It also said that Palantir will only operate under the instruction of the NHS when processing data on the platform and “will not control the data” or be permitted to access, use or share it for their own purposes.
Tech Monitor approached the Department of Health and Social Care for comment, but a spokesperson said that it was for “NHS England to comment on.”
Legal action threatened by patient advocacy groups over Palantir work
Many organisations and advocacy groups have raised concerns about Palantir’s growing role in the NHS since the start of the Covid-19 pandemic, when its software was deployed across the service. In the latest legal challenge, three patient advocacy groups have enlisted Foxglove, a technology justice non-profit, to take NHS England to court over its use of Palantir.
The Doctors’ Association UK, National Pensioners’ Convention and Just Treatment have demanded answers from NHS England in a legal letter about the NHS Federated Data Platform, which is currently going through procurement. Palantir, which has already won several tenders to help lay the groundwork for the system, is thought to be in the running for the £480m contract, which was launched in January 2023. The winner will build and run a new data platform for the health service.
The pre-action letter states the potential scope of the Federated Data Platform is far bigger than just being an “operating system for the whole NHS”: “It will include not only GP records but all health data held by hospitals and care – every part of the NHS.” The groups have asked NHS England to confirm what data will be collected for the Federated Data Platform, how the data will be used, how it will be accessed and how private patient data will be protected.
The US company originally secured an NHS contract during the pandemic for the value of £1 to run the “Covid-19 datastore”. Since then, the price of its services has risen to £1m, £23m and then another £11.5m top-up, with no open competition.
Organisations say that Palantir’s corporate values do not align with the NHS, with its history of assisting governments to spy on people. Its chair, tech investor Peter Thiel, also described the British’ love of the NHS as “Stockholm Syndrome” and said officials should “rip it to the ground and start over”.
Two NHS executives have also left the national health service to join the US firm since the start of the pandemic, specifically to aid its lobbying efforts in winning NHS business.
Privacy experts are concerned that NHS England is rushing data sharing with Palantir
Data privacy experts medConfidential have also questioned why the NHS is in such a “rush” to get the patient data uploaded to the Palantir database.
“This isn’t new data, it’s a new system, one that NHS England is currently procuring through a ‘competitive dialogue’ in which they say that incumbency is not a strong predictor of success,” says Sam Smith, who leads on policy at the organisation. “That does not seem credible given the decisions they’re making.”
He believes that NHS England’s forcing the use of Palantir is “toxic” to public confidence in the Code of Practice for Statistics, which outlines standards for how official data should be presented and used. This is because patients are unable to “opt-out” of their information being shared, as it is classified as being for statistical, rather than research, use.
“The opt-out doesn’t apply to statistical purposes – the published figures of how long are waits in hospitals, etc – and NHS England has decided to change to using Palantir to produce the same statistics that they already produce,” Smith says.
He adds: “The concern is from the force and the rush, rather than the data itself. The question is what is NHS England hiding about why this, why now, and why such little clarity?”