MPs Sound Alarm Over Palantir’s Access to NHS Patient Data
The decision by NHS England to grant the US technology firm Palantir access to identifiable patient records has triggered a storm of controversy among Members of Parliament and privacy advocates alike. This unprecedented move allows Palantir, alongside other contractors, to view NHS patient information before it undergoes pseudonymisation, a process designed to anonymise sensitive data. Critics warn this access creates serious risks to patient confidentiality and threatens to erode public trust in how the NHS handles personal medical information.
At the heart of the debate lies the question of whether the benefits of leveraging cutting-edge data analytics justify exposing sensitive patient details to a private company with a contentious history. As the NHS embraces artificial intelligence and big data to enhance healthcare delivery, the tension between innovation and privacy protection has never been more acute.
Understanding NHS England’s Data Access Framework
Leaked internal briefings published by the Financial Times have shed light on the scale and nature of Palantir’s access. The company has been given what the documents describe as “unlimited access to non-NHSE staff” for parts of the NHS’s federated data platform (FDP). This platform, established under a substantial £330 million contract awarded to Palantir, is designed to unify disparate NHS datasets through advanced AI tools. The goal is to streamline patient care pathways, optimize resource allocation, and boost overall NHS performance.
While the FDP promises to transform healthcare data management, the briefing acknowledges “considerable public interest and concern” regarding the level of access Palantir has to identifiable patient information. Unlike typical pseudonymised datasets, which mask patient identities, this arrangement permits Palantir and contractors to handle raw data containing direct identifiers such as names and NHS numbers.
This access raises fundamental questions about data governance and accountability, particularly given the sensitive nature of medical records. The NHS’s own documents emphasize the necessity for strict control and oversight, yet critics argue these measures are insufficient to safeguard patient privacy.
Why Palantir’s Involvement Stokes Concern
Palantir’s track record intensifies these worries. The company has been deeply involved in contentious US government operations, including providing data analysis tools to Immigration and Customs Enforcement (ICE) under the Trump administration and supporting military agencies worldwide. These associations have painted Palantir as a company entwined with surveillance and enforcement activities rather than healthcare or patient advocacy.
Given this background, many fear that Palantir’s expanded role in the NHS could compromise the ethical handling of patient data. The stakes are high, as medical records are among the most sensitive types of personal data, requiring the utmost protection against misuse or unauthorized access.
Calls for Transparency, Consent, and Oversight
The Patients Association has voiced strong objections to the NHS’s failure to consult patients before extending such broad data access. CEO Rachel Power stressed the fundamental right of patients to know who accesses their data and to have a say in how it is used. “Patients demand transparency, clear boundaries around access to their data, and to be consulted when changes to those agreements are proposed,” she said.
Political Voices Demand Immediate Action
Labour MP Rachael Maskell, a former NHS worker, has emerged as a vocal critic of the project. She called for an immediate halt to Palantir’s growing involvement, warning that “as Palantir get their claws deeper into our NHS data, it opens the door to greater private interests.” Maskell highlighted the risk that the NHS could increasingly serve commercial objectives rather than public health priorities if adequate safeguards are not implemented.
NHS England’s Defense and Security Protocols
In response to the mounting criticism, NHS England insists it tightly controls access to patient data. Only a limited number of personnel working on the FDP platform have clearance, and all must hold government security clearance. NHS England claims it enforces “strict policies in place for managing access to patient data” and conducts regular audits to ensure compliance with data protection laws.
External contractors like Palantir undergo close monitoring, with every instance of access to identifiable data during system maintenance or pipeline work logged and restricted. NHS England emphasizes that Palantir functions strictly as a “data processor,” operating under NHS direction and not as a “data controller.” This distinction means Palantir’s software can only use data according to NHS instructions. The company asserts that any attempt to use patient data beyond these parameters would be illegal and technically blocked by granular access controls overseen by NHS authorities.
Rising Public Distrust and Intensifying Political Scrutiny
Despite official reassurances, public confidence in Palantir’s role within the NHS is waning. Recent polling indicates that over two-thirds of UK citizens are concerned about Palantir’s expanding portfolio of government contracts. Specifically, 40% of respondents express distrust in Palantir’s ability to handle NHS patient data responsibly.
Martin Wrigley, a Liberal Democrat member of the House of Commons technology select committee, sharply criticized NHS England’s approach. He described the project as lacking “security by design” and warned that “the public has every right to be concerned that data privacy is not the top priority.” Wrigley’s comments echo a broader unease about the NHS potentially prioritizing technological advancement over fundamental privacy protections.
Advocacy Groups Demand Palantir’s Removal
Tom Hegarty, communications lead at the technology equity advocacy group Foxglove, condemned Palantir’s involvement in the NHS. He argued that “NHS patients never consented to have their data accessed by a company whose record is in targeting people rather than caring for them.” Hegarty called for the government to “cut Palantir out of our NHS once and for all,” underscoring the strong opposition from civil society groups.
Palantir’s Expanding Footprint Beyond Healthcare
Palantir’s influence in UK public services is not limited to healthcare. The Guardian recently reported that the company is close to securing a deal with the Metropolitan Police to provide AI-driven intelligence analysis tools for criminal investigations. This development has sparked widespread opposition from both the public and some Members of Parliament, who fear the erosion of privacy and civil liberties through increased surveillance.
Balancing Innovation with Privacy in the NHS
The NHS’s adoption of AI and big data analytics symbolizes a broader push to modernize and improve healthcare delivery across the UK. While the potential benefits in terms of efficiency, personalized care, and system-wide improvements are substantial, the deepening access granted to Palantir raises urgent questions about data privacy, transparency, and trust.
The government and NHS leadership now face a critical challenge: to ensure that technological innovation does not come at the expense of patient confidentiality. Maintaining public confidence requires greater transparency, robust oversight, and clear patient consent mechanisms. How the NHS navigates this balance will shape the future relationship between citizens and their healthcare system in the digital age.
