Palantir awarded NHS FDP data contract

NHS England has awarded a £330m, seven-year contract to US data specialist Palantir, prompting concerns from data privacy practitioners

Alex Scroxton,
Security Editor

Published: 22 Nov 2023 13:00

NHS England has awarded a £330m, seven-year contract to run its new Federated Data Platform (FDP) to controversial US data platform Palantir, prompting fresh concerns from data privacy practitioners.

The long-anticipated FDP supersedes the Covid-19 Data Store, which also involved Palantir, as well as Google and Microsoft. This platform, stood up in difficult circumstances at the height of the pandemic in 2020, was designed to improve data analytics efforts across the NHS and help the health service act more efficiently in the face of the biggest public health crisis ever seen in the UK.

The FDP is designed to help the NHS tackle the challenges it faces, such as enabling more effective, joined-up care, easing waiting lists, and reducing hospital discharge delays, by linking up key information held in various IT systems across the health service.

NHS England said that by bringing together real-time data, such as information on the number of available beds at a facility, the length of elective waiting lists, staff rosters, available medical supplies and social care places, staff can maximise resources to deliver better frontline care.

It will begin to be rolled-out in the spring of 2024, with the initial slice of investment expected to total around £25.6m, with more made as more NHS Trusts come on-board.

“Better use of data is essential for the NHS to tackle waiting times, join up patient care and make the health service sustainable for the future,” said NHS national director for transformation Vin Diwakar. “Patients come to the NHS at some of the most vulnerable points in their lives, and they want to know that our healthcare teams have access to the best possible information when it comes to their treatment and care.

“This new tool provides a safe and secure environment to bring together data, which enables us to develop and deliver more responsive services for patients and will help the health service drive the recovery in elective care.”

Sensitive data integration

Palantir CEO Alex Karp said: “This award is the culmination of 20 years of developing software that enables complex, sensitive data to be integrated in a way that protects security, respects privacy and puts the customer in full control.

“There is no more important institution in the UK than the NHS, and we are humbled to have now been chosen to provide that software across England to help bring down waiting lists, improve patient care and reduce health inequalities. It builds on our role supporting the delivery of the Covid-19 vaccine and, more recently, helping individual NHS Trusts to schedule more operations.”

NHS England claims that in a number of pilot projects, Trusts using FDP have seen waiting times for planned care and discharge delays fall, and diagnosis and treatment times rise.

It cited the example of North Tees and Hartlepool NHS Foundation Trust, which has reduced long-term stays of 21 days and above by 36% in the face of increased demand, and was able to “welcome” 7.7% more patients through the doors.

Meanwhile, in Dorset, trusts piloting the FDP said they have enabled capacity for 2,500 more surgical treatments every year, and are now booking patients in for appointments much further in advance then they used to be able to, meaning less time is being lost to cancelled consultations.

At London’s Chelsea and Westminster Hospital NHS Foundation Trust, trialling data-sharing has helped oncology teams start to reduce the backlog of cancer patients, onboarding and starting their treatment sooner and hopefully improving their chances of a full recovery. Jeffrey Ahmed, consultant gynaecologist, laparoscopic and robotic surgeon at Chelsea, said: “We have already seen measurable positive impact that helped our team to maximise our resources for the benefit of patients.”

Palantir remains controversial

However, given Palantir’s history, including links to US government agencies that separated immigrant children from their families, and comments made by founder Peter Thiel, who once told an Oxford Union debate that the British people’s relationship to the NHS was something akin to Stockholm Syndrome – a widely discredited and medically unrecognised psychological condition that has little basis in reality – privacy and security campaigners have already expressed their disquiet at the contract award.

Peter Frankental, business and human rights director for the UK at Amnesty International, summed up some of the concerns, describing Palantir as a “very troubling” choice of provider given the controversies in which it has been involved.

“This is not the first hefty contract we’ve seen awarded to Palantir by the Government, which also granted Palantir unprecedented access to the public’s health data records over the course of the pandemic through large NHS tech contracts,” said Frankental.

“There needs to be proper transparency over how these contracts are awarded, particularly in this case, given the huge implications for data protection.

“The public has a right to know what sort of company is being invited in to provide these vital services, and what precisely they intend to do with the data they’re accessing.

“Any NHS public procurement tenderers whose activities have been linked to serious human rights abuses, as is the case with Palantir, should be excluded on grounds of ‘grave professional misconduct’ as permitted under procurement law,” he added.

Frankental called for “cast-iron guarantees” that Palantir will not monetise the health data of UK citizens, and for the public to be reassured they will be able to consent to the use of their data in the FDP, and not have it harvested for other means.

Seeking to allay these concerns, NHS England stressed that no organisation involved in the FDP will be able to access health and care data without its explicit permission, that the health service will retain control over all data held, and that it will only be used for direct care and care planning, not for research purposes. Nor will GP data, the subject of a similarly controversial data store programme, be fed into it.

Moreover, the contract with Palantir expressly forbids any use of patient data for commercial gain, and stipulates that although it will be paid for its services, it will have no right to use patient data except as required by the client.

It will also be the first NHS-based use case of so-called privacy enhancing technologies (PETs), an umbrella term used to describe a number of security-centric techniques and technologies that enhance or maintain system functionality while preserving data integrity.

Dubbed NHS-PET, the health service’s implementation will encompass a “nationally assured and funded” privacy tool designed to benefit all NHS organisations by ensuring it can “meet the highest technical standards of security for managing patient data, supported by robust information governance and data protection processes”. It is understood that NHS-PET will be put in place before any data flows into the FDP.

The contract to run NHS-PET has separately been awarded to IQVIA, a healthcare data specialist.