Become a TechRadar Insider
- NHS England grants 'unlimited access' to external contractors
- Contractors previously had to request access to specific data
- Companies working on the Federated Data Platform, such as Palantir, will have a new 'admin' role created to access patient data
NHS England has allowed external contractors to receive “unlimited access” to identifiable patient data.
The access has been granted to external staff from Palantir and other companies working on the Federated Data Platform (FDP). The FDP’s National Data Integration Tenant (NDIT) links fragmented data from multiple NHS systems into a single centralized platform.
There has been outspoken opposition to Palantir’s contract with the NHS due to the company’s work with the US Immigration Customs Enforcement (ICE) agency and ties to military and intelligence gathering projects.
Palantir to handle identifiable patient data
An internal briefing note seen by the Financial Times outlined that the NDIT is a “safe haven for data” before it is “pseudonymised” and moved through the FDP.
In order for external contractors to access the NDIT, NHS England is set to create a new “admin” role which “permits unlimited access to non-NHSE staff”, including access to patient data before it is pseudonymised.
Previously, a contractor would have to request access to specific data sets. Now, contractors have requested to hold the same level of access to patient data as an NHS worker with security clearance. The request was made “as it is too inconvenient to apply for all of the necessary individual CDAs”.
The note further outlined that this access would be limited to a small number of non-NHS staff. It also explained that “being sure exactly who is accessing what patient-identifiable data at any one time” is key to helping the NHS meet its five “data promises”. The note added that, “the more people have unrestricted access, the less that aim can be met.”
An NHS England spokesperson said: “The NHS has strict policies in place for managing access to patient data and carries out regular audits to ensure compliance — including monitoring the work of engineers helping to set up the central data collection platform that will track NHS performance and help improve care for patients.”
“Anyone external requiring access must have government security clearance and be approved by a member of NHS England staff at director level or above.”
Some NHS staff members have refused to use the FDP over their ethical concerns about Palantir’s involvement with sensitive patient data, with others stating that the FDP is “awful” to use.
A Palantir spokesperson said: “To the NHS, and all our customers, we are designated by law as a ‘data processor’, with our customers “data controllers”.
“That means that Palantir software can only be used to process data precisely in line with the instruction of the customer. Using the data for anything else would not only be illegal but technically impossible due to granular access controls overseen by the NHS.”
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
