Skip to content

Palantir’s access to identifiable NHS England patient data is ‘dangerous’, MPs say

Chimera readability score 68 out of 100, Academic reading level.

MPs have warned that an NHS decision to grant Palantir access to identifiable patient information in its plan to use AI to improve the health service is “dangerous” and will fuel public fears that data privacy is not being prioritised.
NHS England has allowed staff from the US tech firm and other contractors to access patient data before it has been pseudonymised, despite internal fears of a “risk of loss of public confidence”, the Financial Times reported.
The health service made the move to allow Palantir to access the data in recent weeks according to the reports, which revealed an internal NHS briefing that said it would allow “unlimited access to non-NHSE staff” to part of the NHS’s federated data platform (FDP), which holds identifiable patient information.
Palantir, which also supports Donald Trump’s ICE immigration crackdown and the Israeli, US and UK militaries, was awarded a £330m contract to help build the FDP, installing AI systems to integrate scattered health datasets and bring efficiencies to medical treatment. But the deal has been dogged by warnings from campaigners and MPs concerned about the security of patient records.
The Patients Association said it was concerned patients were not consulted on a significant change to who has unlimited access to patient data. Rachel Power, its chief executive, said patients wanted “transparency, clear boundaries around access to their data, and to be consulted when changes to those agreements are proposed”.
The leaked NHS England briefing acknowledged the “considerable public interest and concern about how much access to patient data Palantir/Palantir staff have”. In 2023, shortly after the deal was agreed, NHS England said it would ensure “personal data remains protected and within the NHS at all times”.
NHS England stressed external consultants requiring data access must have government security clearance and that it had “strict policies in place for managing access to patient data”. With hundreds of different datasets in the FDP system, it was becoming time-consuming for contractors, including Palantir engineers, to apply for individual permissions. Instances when they did see identifiable patient data while working on the system’s “pipelines” were logged. They did not have permission to remove the data from the NHS, Palantir said.
But the MP Rachael Maskell, a former NHS worker who is calling for the Palantir project to be stopped, said: “As Palantir get their claws deeper into our NHS data we can see how it is opening it up to greater private interest. This is a dangerous development and I ask the government to get a grip on this project before it is too late.”
Palantir said it was a “data processor” and not a “data controller”, meaning its software could only be used to process data precisely in line with customer instructions. “Using the data for anything else would not only be illegal but technically impossible due to granular access controls overseen by the NHS,” it said.
Martin Wrigley, a Liberal Democrat member of the Commons technology select committee, said of the NHS move: “This somewhat cavalier attitude to data security demonstrated how this whole project does not have security by design at its heart. The public will be rightfully concerned that data privacy is not the first concern.”
Palantir is facing opposition to its widening role in the UK public sector. Last month the Guardian revealed the company was closing in on a deal to widen its work with the Metropolitan police to use AI to analyse intelligence in criminal investigations, while hundreds of thousands of citizens and numerous backbench MPs oppose its role.
Polling last week showed more than two-thirds of the UK public are concerned at Palantir’s growing number of public contracts and 40% distrust it to not access NHS patient data, despite the company repeatedly saying it cannot and will not do so.
Tom Hegarty, the head of communications at Foxglove, a tech equity campaign group, said: “NHS patients never consented to have their data accessed by a company like Palantir whose record is in targeting people, not caring for them … Once again: Palantir fails the trust test. The government should … cut Palantir out of our NHS once and for all.”
NHS England said access would be given to a small number of people working on the new data collection platform.
A spokesperson said: “The NHS has strict policies in place for managing access to patient data and carries out regular audits to ensure compliance – including monitoring the work of engineers helping to set up the central data collection platform that will track NHS performance and help improve care for patients.
“Anyone external requiring access must have government security clearance and be approved by a member of NHS England staff at director level or above.”

Facts Only

* MPs warned that granting Palantir access to identifiable patient information was "dangerous."
* NHS England allowed staff from Palantir and other contractors access to patient data before it was pseudonymised.
* The access allowed "unlimited access to non-NHSE staff" to the NHS federated data platform (FDP), which holds identifiable patient information.
* Palantir was awarded a £330m contract to help build the FDP and install AI systems for health service efficiencies.
* The Patients Association expressed concern that patients were not consulted on the change in data access agreements.
* NHS England stressed that external consultants requiring data access must have government security clearance and be approved by NHS England staff.
* Palantir stated it was a "data processor," meaning its software could only process data precisely in line with customer instructions.
* The leaked NHS briefing acknowledged public interest and concern regarding Palantir/Palantir staff access to patient data.
* The NHS has strict policies and regular audits to ensure compliance regarding patient data access.

Executive Summary

NHS England permitted staff from the US tech firm Palantir and other contractors access to patient data before pseudonymization, despite internal fears regarding a loss of public confidence. This access was granted to allow "unlimited access to non-NHSE staff" to part of the NHS’s federated data platform (FDP), which contains identifiable patient information. Palantir received a £330 million contract to build the FDP and install AI systems to integrate health datasets. Patients and campaigners expressed concern that they were not consulted regarding this significant change in data access. The NHS maintained that strict policies were in place, requiring external consultants to have government security clearance and approval from NHS England staff. Critics, including MPs and patient associations, argued that the project lacked security by design and that data privacy was not prioritized. Palantir asserted it was a data processor, limited by access controls overseen by the NHS.

Full Take

The narrative surrounding the Palantir contract highlights a systemic tension between technological expediency, institutional mandates, and public trust. The core pattern observed is the deployment of advanced AI and data integration tools within critical public services without sufficient accountability or public consent, creating a scenario where proprietary interests intersect with public health. This dynamic leverages the perceived complexity of data systems to justify access, which then becomes a source of moral panic when that access is revealed. The distrust stems from the perceived asymmetry of power: external contractors, often linked to military or immigration enforcement (as suggested by the article), gain unprecedented access to deeply personal health information, while the public is left without meaningful consultation. The system operates under the assumption that operational necessity outweighs privacy concerns, a position that the source material suggests is being challenged by both legal frameworks and public opinion. The implications point to a failure in "security by design," where security measures are treated as an add-on rather than a foundational principle, allowing powerful entities to bypass established safeguards. This pattern of data extraction risks eroding the public's sense of cognitive sovereignty, as the mechanisms governing personal data are increasingly opaque, allowing private, high-stakes decisions to be made outside of public scrutiny.

Sentinel — Human

Confidence

This text reads as high-quality, human-authored journalism that effectively synthesizes conflicting claims about data privacy, AI implementation, and public trust within the NHS context.

Signals Detected
low severity: Sentence length variance is present, and the voice shifts between journalistic reporting and direct quotes, which is characteristic of human-edited prose.
low severity: The text successfully integrates disparate quotes and conflicting viewpoints (MP, patient group, NHS spokesperson) into a cohesive narrative without excessive mechanical balancing.
low severity: The article uses varied attribution and integrates complex background details (Palantir's wider contracts, political context) that suggest deeper editorial choice rather than simple LLM stitching.
low severity: No immediate signs of LLM confabulation. The data points (names, organizations, specific reported conflicts) are internally consistent.
Human Indicators
The use of distinct, high-stakes quotes from multiple, varied sources (MPs, patient advocates, tech commentators) provides idiosyncratic emphasis.
The interplay between objective reporting and polarized political/ethical arguments is handled with a specific editorial rhythm.
The inclusion of context regarding Palantir’s wider contracts and public distrust polling demonstrates a pattern of human investigative framing.