- NHS England gives ‘unrestricted access’ to external contractors
- Contractors previously had to request access to specific data
- Companies working on the Federated Data Platform, such as Palantir, will have a new ‘admin’ role created to access patient data
NHS England has allowed external contractors to receive “unrestricted access” to identifiable patient data.
Access is granted to external personnel from Palantir and other companies working on the Federated Data Platform (FDP). FDP’s National Data Integration Tenant (NDIT) connects fragmented data from multiple NHS systems into a single, centralized platform.
There has been vocal opposition to Palantir’s contract with the NHS because of the company’s work with the US Immigration Customs Enforcement (ICE) agency and ties to military and intelligence-gathering projects.
Palantir to handle identifiable patient data
An internal briefing note seen by Financial Times outlined that NDIT is a “safe haven for data” before it is “pseudonymized” and moved through the FDP.
To allow external contractors to access NDIT, NHS England is set to create a new “admin” role which will “allow unrestricted access to non-NHSE staff”, including access to patient data before it is pseudonymised.
Previously, a contractor had to request access to specific data sets. Now contractors have requested to have the same level of access to patient data as an NHS staff member with security clearance. The request was made “as it is too inconvenient to apply for all the required individual CDAs”.
The note further outlined that this access would be limited to a small number of non-NHS staff. It also explained that “being sure of exactly who has access to which patient identifiable data at any time” is key to helping the NHS meet its five “data promises”. The memo added that “the more people have unrestricted access, the less this goal can be achieved.”
An NHS England spokesman said: “The NHS has strict policies in place for managing access to patient data and carries out regular audits to ensure compliance – including monitoring the work of engineers helping to set up the central data collection platform that will track NHS performance and help improve care for patients.”
“Any external person requiring access must have a government security clearance and be approved by a member of NHS England staff at director level or above.”
Some NHS staff have refused to use FDP due to their ethical concerns about Palantir’s involvement with sensitive patient data, while others say FDP is “terrible” to use.
A Palantir spokesman said: “For the NHS and all our customers, we are designated by law as a ‘data processor’ with our customers’ “data controller”.
“This means that Palantir software can only be used to process data precisely in accordance with the customer’s instructions. Using the data for anything else would not only be illegal, but technically impossible due to detailed access controls overseen by the NHS.”
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
