NHS warned not to trust US spy-tech firm Palantir with patient data
A comprehensive new report has urged NHS trusts to prevent US company Palantir from taking control of their healthcare data, despite the government pushing the plan.
Palantir, a US data analytics company that delivers technology controversially leveraged in warfare across the world, is seeking to accumulate and centralise all NHS data on a single platform.
This Federated Data Platform was established in conjunction with the UK government and is endorsed by Health Secretary Wes Streeting, who has encouraged NHS trusts, ICBs, and NHS England to onboard the platform and allow it to analyse health data on a national scale.
Health Charity Medact has published a briefing warning of the dangers of entrusting public healthcare data to Palantir, which has been alleged to have contributed through its technological solutions to war crimes, mass surveillance practices, and human rights abuses.
The briefing was circulated amongst NHS Trust Boards, Integrated Care Boards (ICBs), and other relevant organisations, and is endorsed by the Good Law Project, Privacy International, Just Treatment, Corporate Watch, United Tech and Allied Workers Union, and supported by Amnesty International.
In warning of the risks of Palantir accessing UK health data, Medact cited the risk of participating trusts and NHS England being indirectly linked to Palantir’s alleged human rights abuses, as well as concerns over the ability for pseudonymous patient data to protect patient identities from the US company’s data processing systems.
The risks of Palantir’s Federated Data Platform
The Federated Data Platform (FDP) is a platform created and operated by Palantir to consolidate all healthcare data in England onto a single platform, providing the ability to analyse health data on a national level.
It’s purported purpose is to help NHS staff make better decisions about patient care and service planning, but Medact highlights that the confidential information available to this system could result in data-driven abuses of power by both Palantir and the UK government.
The FDP is built on Palantir’s Foundry system architecture that underpins several of its products, which means the platform is highly interoperable with the company’s other systems. Medact argues that this increases the risk of sensitive UK health data being exposed to software such as Gotham, a military software package enabling automated drone attacks.
NHS England is already connected to the FDP, with its data made available to Palantir’s platform. This is not yet fully operational, however, and the contract is up for review in early 2027, which will give the organisation the opportunity to remove Palantir from its data infrastructure.
The rollout of the FDP to other trusts and ICBs in England has been encouraged by the government to improve efficiency and increase the platform’s effectiveness, but adoption is not mandatory, and local health bodies are able to make their own decision on whether to connect to the FDP.
In its briefing, Medact has advised all relevant health bodies in the country to therefore refuse to implement FDP in their local data systems.
It said that not only does adoption of Palantir’s platform place confidential data at risk of exploitation and abuse, but it will also lead to a lack of public trust in the NHS due to reputational damage and a perceived clash between the values of the health service and Palantir.
Medact recommends that local health institutions urge NHS England to end its contract with Palantir and adopt in-house or open-source software as a first priority for data solutions.
“The Federated Data Platform is not fully operational at this time, and is rarely essential to patient care or Trust or ICB operations,” Medact said.
“The current moment is therefore critical for highlighting concerns and urging decision makers to reconsider the contract with Palantir.”
