Britain’s state-run National Health Service (NHS) is giving staff from companies including Palantir Technologies “unlimited access” to identifiable patient data while they work on its flagship National Data Integration Tenant (NDIT) platform, according to a report published Monday by the Financial Times.
NHS England has agreed to create an “admin” role that grants non-NHS staff unrestricted access to the NDIT and identifiable patient information, the report said, citing an internal briefing document.
The NDIT operates within the Federated Data Platform, a system designed to connect separate NHS datasets into a unified network.
Reuters reports: An NHS spokesperson said Britain’s health service has “strict policies” governing access to patient data and conducts regular audits to ensure compliance.
Any external access requires government security clearance and approval from a director-level official, the spokesperson added.
Palantir is legally designated as a “data processor”, while its customers are “data controllers”, meaning its software can process data only in line with customer instructions, a spokesperson for the firm said.
Any other use would be illegal and “technically impossible” due to access controls overseen by the NHS, the spokesperson added.
Palantir won a 330 million pound ($448 million) contract to develop the NDIT in 2023. It has also secured contracts with Britain’s Defence Ministry and Financial Conduct Authority, deals that have drawn scrutiny due to its work with U.S. government defence agencies.
“There is currently considerable public interest and concern about how much access to patient data Palantir/Palantir staff have,” the briefing note viewed by the FT said.
The note recommends a time-limited and regularly reviewed cap on the number of external admins with access to the NDIT, it added.
Officials confirmed to the FT that the recommendation in the briefing note had been accepted in recent weeks but said it would apply to only a small number of non-NHS staff.