The health service needs to think carefully about letting private data firms with little accountability to UK citizens gain access to their health data, the head of legal advocacy organisation Cori Crider has argued in a blog post on openDemocracy, an independent media platform. 

Crider was referring to NHS England’s plan to create a Federated Data Platform (FDP) that would consolidate hospital, GP and even social care records in a single data base.  US data analytics firm Palantir is currently the leading bidder for the £480 million programme. “If it goes ahead as envisaged, the FDP will be the largest single point of access to patient data this country has ever seen,” Crider wrote. 

In a debate that closed last week’s Digital Health Rewired 2023 conference, Crider and Dr. Marcus Baw, a GP and health IT specialist, reserved some of their harshest criticism for health service authorities, who declined to participate in the debate; they said NHS England had provided little transparency about how the database would work and why such a system was necessary 

In her blogpost, Crider said: “There’s so much the government won’t say about it. Like exactly what shape it will take or what purposes it will eventually serve; what it will eventually cost; who will have access; or how patient choice and consent will be honoured.” 

The NHS is facing thousands of care vacancies and 3,000 vacant tech roles – preventing the service from evolving to meet future needs, Crider wrote, but is proposing to spend close to half a billion pounds on a database rather than coming up with a credible workforce plan.   

FDP, she said, also “runs the risk of stealing oxygen – and funding – from other critical work already underway to help the NHS join up its patient data for good.” Among the projects she cited were openSafely, a flagship open-source national data platform for health research developed by a team including physician and director of the Bennett Institute for Applied Data Science at the University of Oxford, Ben Goldacre.   

Crider also said it would be difficult for NHS England to exit a Palantir system once it committed to using it.  She said: “The technical architecture is proprietary – and other government agencies have struggled to get off Palantir when they’ve tried. Having a single supplier to help you join up data and analyse it also risks creating a dangerous private monopoly over vital NHS infrastructure.” 

OpenDemocracy, in a separate blog last week, emphasised these risks as well as echoing doubts that the company’s culture would conflict with that of the NHS; it noted that Palantir received some of its start-up funding from the CIA and has worked extensively for police and intelligence agencies. 

New database a concern 

It referred to a letter that health service finance chief Julian Kelly sent last month, giving NHS trusts until the end of March to begin uploading patient information to a new central database that uses Palantir’s Foundry software. 

The new database, piloted in June 2022, collects daily information about hospital patients, including their dates of birth, postcodes and detailed medical histories. The data was previously held by individual trusts and shared less frequently, the openDemocracy blog said. 

“The instruction came despite a government pledge, made after openDemocracy sued the Department of Health and Social Care in 2021, to consult the public before agreeing to work with Palantir again,” it added. 

The blog noted that NHS England had told openDemocracy it would alter or remove identifiable personal information before it was passed to Palantir and that Palantir also insisted that it does not have access to any “identifiable medical records”. 

But the organisation said it had obtained an NHS document showing that the company will “collect and process confidential patient information”. It is not clear what, precisely, this processing entails, openDemocracy said.