MPs Warn Palantir’s £330m NHS Data Deal Risks Public Trust

NHS England approved Palantir’s access to identifiable patient information while constructing a central data platform designed to link GP, hospital, and social‑care records. Internal briefings warned that allowing unlimited access to non‑NHS staff could erode confidence if safeguards fail. Palantir says it acts only as a data processor under strict NHS controls and cannot repurpose the data. The federated platform aims to cut duplicate testing and speed up clinical decision‑making by providing a unified view of patient histories.

- Palantir secured a £330 million contract to develop the NHS federated data platform, which will host AI tools for integrating disparate health datasets. - A recent poll shows 66 % of UK adults are concerned about Palantir’s expanding public‑sector work, and 40 % distrust the firm not to access NHS patient data. - MP Rachael Maskell, a former NHS worker, warned that deeper Palantir access to NHS data is a “dangerous development” and urged the government to intervene before trust is lost. - The polling data come from an observational survey; they reveal correlation between public concern and the contract but do not prove causation. - NHS England states that external consultants must hold government security clearance and be approved by a director‑level NHS staffer, with regular audits of access logs. - NHS England reiterated that personal data must remain protected and within the NHS at all times, despite external staff accessing identifiable information during setup.

Public skepticism may slow clinician adoption of the federated platform and increase pressure on NHS England to tighten oversight and transparency. Patients should review privacy notices, ask about opt‑out mechanisms, and monitor any changes to data‑access policies published by their local NHS trust. While proponents cite efficiency gains, critics argue that any expansion of private‑sector access raises function‑creep risks that outweigh uncertain benefits. Policymakers may need to commission independent audits, publish real‑time access logs, and consider legislative clarification on data‑processor versus data‑controller roles.