- NHS England grants ‘unlimited access’ to external contractors
- Previously, contractors had to request access to specific data.
- Companies working on the federated data platform, such as Palantir, will have a new “admin” role created to access patient data.
NHS England has allowed external contractors to receive “unlimited access” to identifiable patient data.
Access has been granted to external staff from Palantir and other companies working on the Federated Data Platform (FDP). The FDP’s National Data Integration Tenant (NDIT) links fragmented data from multiple NHS systems into a single centralized platform.
There has been open opposition to Palantir’s contract with the NHS due to the company’s work with the US Immigration and Customs Enforcement (ICE) agency and its ties to military and intelligence-gathering projects.
Palantir will handle identifiable patient data
An internal briefing note seen by the Financial times He highlighted that the NDIT is a “safe haven for data” before it is “pseudonymized” and transferred through the FDP.
To allow external contractors to access NDIT, NHS England will create a new “admin” role that “allows unlimited access to non-NHSE staff”, including access to patient data before it is pseudonymised.
Previously, a contractor would have to request access to specific data sets. Contractors have now asked to have the same level of access to patient data as an NHS worker with security clearance. The request was made “as it is too inconvenient to apply for all the necessary individual CDAs.”
The note further highlighted that this access would be limited to a small number of non-NHS staff. He also explained that “being sure of who is accessing exactly what identifiable patient data at any given time” is key to helping the NHS deliver on its five “data promises”. The note adds that “the more people have unrestricted access, the less this goal can be achieved.”
A spokesperson for NHS England said: “The NHS has strict policies in place to manage access to patient data and carries out regular audits to ensure compliance, including monitoring the work of engineers who help set up the central data collection platform that will track NHS performance and help improve patient care.”
“Any external person requiring access must have government security clearance and be approved by a member of NHS England staff at director level or above.”
Some NHS staff have refused to use the FDP over ethical concerns about Palantir’s involvement with sensitive patient data, with others claiming that the FDP is “awful” to use.
A Palantir spokesperson said: “For the NHS and all our customers, the law designates us as ‘data processors’, and our customers are ‘data controllers’.
“That means the Palantir software can only be used to process data in accordance with the customer’s instructions. Using the data for anything else would not only be illegal but technically impossible due to granular access controls overseen by the NHS.”
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
