Health minister apologises for NHSE error on FDP data access
- 18 June 2026
- Preet Kaur Gill, health innovation and safety minister, has apologised after NHS England provided incorrect information to the National Data Guardian about Federated Data Platform access
- She told the Health and Social Care Committee that the issue was a documentation error and did not affect the platform’s access controls or safeguards
- Concerns about third-party access to patient data follow ongoing scrutiny of Palantir’s role in delivering the FDP
Health innovation and safety minister Preet Kaur Gill has said she is “very sorry” after being questioned by MPs about NHS England’s handling of information provided to the National Data Guardian (NDG) on access to patient data within the Federated Data Platform (FDP).
Appearing before the Health and Social Care Committee on 16 June 2026, Gill was challenged over concerns that NHS England had incorrectly described who could access identifiable patient information within the FDP.
The concerns relate to NHS England documentation submitted to the NDG, which incorrectly described who could access identifiable patient data within parts of the FDP.
Martin Wrigley, MP for Newton Abbot, raised concerns about reports that identifiable patient data was flowing into the national FDP system and that Palantir engineers and others could obtain administrative access when required. Similar concerns were raised earlier this month by the NDG.
Gill said: “Well, firstly, can I say I’m very sorry that happened. But nobody has access to the system without having a legitimate purpose and all access is time limited.
“It’s audited, you know who would have access, what they needed it for.”
The minister said the issue related to how access arrangements had been described in NHS England documentation rather than the access controls themselves.
“There was an error by NHS England that meant that the Data Protection Impact Assessment that was referred to, NHS staff, rather than clarifying that actually the access was for authorised users and support staff,” Gill told MPs.
“I know that NHS England has now reviewed that information and is strengthening the impact assessment to obviously make sure it aligns with the best data protection service.”
Gill said NHS England had responded to concerns raised by the NDG and was “working with her to provide more information and make sure that we implement her recommendations as she has shared”.
When pressed on whether the incident undermined confidence in NHS governance arrangements, Gill argued that the issue did not alter who could access information within the platform.
“It didn’t change who has access to the data, it just improved the description of who has access,” she said.
Later in the session she reiterated: “It was a mistake in terms of the language that was written about who has access, but the safeguards in place in the contract means that you can audit and see who used what and for what purposes on a time-limited basis.”
Gill also sought to reassure the public about the FDP’s governance model.
“The NHS does remain in control of NHS data,” she said. “It is data that has already existed, but in different systems.”
The minister said public confidence remained critical to the programme: “As I said, in the end, the public trust really matters, as you know, with all of this stuff.”
She added that she wanted “to assure the British public… that the data is secure because the NHS is the data controller”.
The FDP is being delivered by Palantir under a £330m contract awarded in November 2023.
Last month, Digital Health News reported that the NHS was granting staff from companies including Palantir ‘unlimited access’ to identifiable patient data while working on the FDP.
Louis Mosley, executive vice chair of Palantir UK, wrote on X in May: “The ‘unlimited’ access referred to in the technical design document… is a specific technical permission inside one staging environment – NHS England’s NDIT. It is not unlimited access to NHS patient data.”
