Palantir staff being issued NHS email accounts sparks concerns

Concerns have been raised by NHS staff that engineers working for Palantir have been issued NHS email accounts.

US software data analytics firm Palantir signed a £330m contract in 2023 to provide the federated data platform (FDP), which connects data across NHS organisations.

According to The Guardian, at least six Palantir employees have been granted the same access as employees using NHS.net email accounts, including access to NHS SharePoint filesharing systems and internal Microsoft Teams groups.

If provided without restrictions, an NHS.net account enables access to staff details on the NHSmail portal, including role, location, workplace and mobile number.

Although the use of NHS email accounts by private contractors is not unusual, there has been protest from clinicians and human rights groups about Palantir’s provision of surveillance software to government agencies including the United States Immigration and Customs Enforcement.

Duncan McCann, technology and data lead at Good law project, told Digital Health News: “By handing Palantir employees NHS email addresses, the government isn’t just buying software; it is inviting a global surveillance giant to embed itself into the heart of our public health service.

“This ‘digital camouflage’ allows private contractors to operate under the radar and appear to be NHS employees, while at the same time giving them access to 1.5m NHS workers personal data.

“We should be deeply alarmed when the lines between a public service and a spytech giant become this blurred.”

Sam Smith, policy lead at campaign group medConfidential, said: “NHS doctors keep their contact details up to date in case they’re needed to help keep a patient alive.

“All NHS staff deserve to know whether their details were extracted for Palantir’s corporate purposes by the Palantir staff who are indistinguishable from corporate spies.”

In response to concerns, a spokesperson for Palantir said: “This is normal practice for government suppliers.

“Indeed the government’s own guidance states that using government systems is more secure than suppliers using their own systems.

“But what is vital to understand alongside that guidance is that – while Palantir is proud of how our software has helped deliver 110,000 additional operations, a 15.3% reduction in discharge delays and a 6.8% increase in the number of people finding out whether or not they have cancer within 28 days of referral – our role is to provide software.

“How that software is used is entirely under the control of the NHS with data only able to be processed in accordance with their strict instructions.”

A review of NHS England’s contract with Palantir is due in early 2027, but government officials are reported to be considering triggering a break clause.

However, according to an internal memo seen by the Financial Times, Ming Tang, interim chief digital and information officer at NHSE is pushing to ensure that hospitals fully use the FDP’s capabilities.

In the memo, Tang, who will leave NHSE this month, wrote: “While media and campaign groups continue to raise questions about our technology supplier, the programme is focused on the evidence: the FDP is delivering.”

A spokesperson for NHSE said: “All suppliers, including Palantir, and their staff operate only under NHS instruction, with all data access remaining under NHS control and governed by strict contractual confidentiality obligations.”