NHS hands Palantir staff “unlimited access” to identifiable UK patient data in major privacy U-turn

NHS England has quietly granted external staff from Palantir and other consultancy firms broad “admin” access to identifiable patient data, a significant departure from previous security practices on its flagship data project.

The move, detailed in an internal briefing note seen by the Financial Times, applies to the National Data Integration Tenant (NDIT) – described as a “safe haven” where raw patient data is held before being pseudonymised and moved elsewhere in the Federated Data Platform (FDP).

Palantir Technologies won the £330 million contract to build the FDP in 2023.

The platform aims to connect disparate NHS systems, helping track performance, reduce waiting lists, and improve patient care.

Under the new arrangement, NHS England will create an “admin” role that gives non-NHS England staff “unlimited access” to the NDIT and the identifiable patient information it contains.

Previously, every individual, including external contractors, had to apply for specific, time-limited access to individual datasets.

The April briefing note, written by a senior NHS data official, openly acknowledges the change was driven by external workers finding the old process “too inconvenient”. It also warns of the risks.

Granting these enhanced permissions “could mean there is a ‘risk of loss of public confidence’ when it comes to safeguarding patient data”, the document states.

It adds: “This is not only about Palantir… but there is currently considerable public interest and concern about how much access to patient data Palantir/Palantir staff have.”

Officials have accepted the recommendation but say it will apply to only a small number of external staff, with access time-limited and regularly reviewed. A cap on the number of external admins will also be put in place.

Palantir’s involvement in the NHS has become increasingly contentious.

The US firm, known for its work with defence and intelligence agencies, has faced criticism over its role in US immigration enforcement and its co-founder Alex Karp’s vocal support for Donald Trump. Some NHS staff have reportedly refused to work on the FDP over ethical concerns.

UK also held talks with Palantir on small boats crackdown

The Home Office also held preliminary discussions with Palantir last summer over a potential role for the AI firm in Britain’s border security operation.

Executives from Palantir met Martin Hewitt, then the UK’s Border Security Commander, to explore how the company’s data analysis software might support the government’s effort to disrupt people smuggling gangs.

The meeting, recorded in government transparency disclosures, was described by a source as a “limited scoping exercise” with no procurement negotiations taking place. Hewitt has since been replaced by Duncan Capps, a former British Army officer.

Palantir also met Simon Bond, the civil servant leading the Home Office’s digital immigration control programme, alongside other technology companies.

Border Security Command, launched by Labour following its 2024 election win, sits across Border Force, the National Crime Agency, Immigration Enforcement, and the Security Service.

The unit carries a budget of more than £280 million and holds a mandate to deploy “new technology and cutting-edge surveillance equipment” against criminal gangs.

Now read: £10 billion NHS overhaul ends patients repeating medical history at appointments