Data Guardian Requests Clarification on Palantir’s Access to Patient Data

Key Takeaways

NDG questions NHS England about how Palantir staff accessed identifiable patient data.
Concerns from the public prompted the review of the FDP’s data access policies.
Patients currently cannot opt out of data usage for direct care within the FDP.

NDG Raises Concerns Over Patient Data Access by Palantir

The National Data Guardian (NDG), led by Dr Nicola Byrne, is seeking clarification from NHS England regarding the access of identifiable patient data by staff from Palantir, a contractor involved in the federated data platform (FDP). The inquiry follows numerous public concerns stemming from the Not With My NHS Data campaign, which highlighted issues regarding external contractors’ roles in accessing sensitive patient information.

In a statement released on June 3, 2026, Dr Byrne noted that the Data Protection Impact Assessment (DPIA) for the FDP indicated that access to identifiable patient data should be strictly limited to NHS personnel with legitimate needs. However, recent media reports, supported by confirmation from the FDP program team, suggest that some external contractors, including Palantir staff, have gained access to identifiable patient information, contrary to the DPIA assurances.

The NDG has formally requested clarification on what it described as an inconsistency between the DPIA and current practices. Dr Byrne emphasized the need for accurate and consistent information to be reflected in public-facing materials, aiming to enhance transparency and trust.

An NHS England spokesperson reaffirmed the organization’s commitment to strict data access policies and transparency regarding patient data usage. They confirmed they are collaborating with the NDG to address these concerns and are in the process of updating the DPIA to ensure compliance with the latest standards.

The FDP is a significant project, awarded to Palantir under a £330 million contract in November 2023. Concerns about access levels arose recently when reports indicated that NHS staff perceived Palantir employees to have ‘unlimited access’ to identifiable patient information while working on the FDP. However, Louis Mosley, Palantir’s executive vice chair in the UK, clarified in a social media post that the term ‘unlimited’ refers to specific technical permissions within a limited staging environment, not across the entire NHS patient data network.

Additional worries surfaced when NHS staff reported that Palantir engineers were provided with NHS email accounts, raising further questions about data security and access management. The NDG has clarified that while it serves as an advisory body without enforcement powers, it has been actively providing guidance to the Department of Health and NHS England throughout the FDP program’s development.

On the topic of patient consent, the NDG noted that the national data opt-out does not apply to the FDP, as its use is focused on direct care delivery and operational management within the NHS. Patients currently do not have the option to opt out of having their data utilized in this capacity.

Dr Byrne concluded by reaffirming her office’s commitment to scrutinizing the FDP program and addressing concerns through relevant independent advisory groups. The NDG aims to ensure the responsible use of data in NHS operations while fostering accountability and transparency in data handling practices.

The content above is a summary. For more details, see the source article.