Union Safety Banner
 
Union Safety Sub Banner
 

NHS Grants US Spy Company Palantir Staff Sweeping Access To Patient's Identifiable Medical Records

 

NHS England has quietly approved "unlimited access" to identifiable patient records for external contractors — including employees of US tech firm Palantir — working on its flagship data platform.


The move, revealed in an internal briefing document, applies to the National Data Integration Tenant (NDIT), a secure area within the Federated Data Platform (FDP) where patient data is held before being anonymised. Palantir won a £330 million contract in 2023 to build the FDP, which links disparate NHS data into a single system.


Under the new arrangement, an "admin" role has been created giving non-NHS staff unrestricted access to the NDIT — a significant departure from the previous system, which required individuals to apply separately for access to specific datasets. The briefing, written by a senior NHS data official in April, acknowledged that the change carries a "risk of loss of public confidence" in how patient data is handled.


The document noted that external workers had sought the broader permissions because applying for individual data access rights was "too inconvenient." It also flagged public anxiety about Palantir's role specifically: "There is currently considerable public interest and concern about how much access to patient data Palantir/Palantir staff have."


Palantir's involvement in the FDP has been contentious from the outset. The Silicon Valley firm, co-founded by Peter Thiel, has deep ties to the US defence and intelligence communities, and has more recently been contracted to support immigration enforcement under the Trump administration — work that has alarmed many NHS staff and patient advocates. Co-founder and chief executive Alex Karp has been a vocal supporter of Donald Trump, adding to unease among healthcare workers about the company's values and priorities. Some NHS staff have refused outright to work on the FDP on ethical grounds.


Critics argue the latest data access decision compounds those concerns. Martin Wrigley, a Liberal Democrat member of the House of Commons technology committee, said the episode demonstrated that data security was not "at the heart" of the FDP project, and that the public would be "rightfully concerned."


NHS England said all external staff must hold government security clearance and be approved by a director-level employee, adding that it carries out regular audits to ensure compliance. Palantir said it is legally designated as a "data processor" and can only handle data according to customer instructions, adding that using it for any other purpose would be "technically impossible" due to access controls overseen by the NHS.


The controversy comes as ministers are reported to be exploring whether to trigger a break clause in Palantir's contract — a sign of the growing political pressure surrounding the deal.

 

Source: FT (Paywall)

 

See also:

 

NHS Privatisation News Archive

 

Body text goes here.

 

Source:

 
Back to News


Designed, Hosted and Maintained by Union Safety Services