TL;DR
NHS staff have raised concerns after discovering that engineers working for Palantir, the US data-analytics firm behind the NHS Federated Data Platform, have been issued NHS.net email accounts — giving them access to a staff directory containing contact details for up to 1.5 million people. At least six Palantir engineers hold such accounts, alongside access to internal SharePoint and Microsoft Teams groups.
The contract and the controversy
Palantir won a £300 million contract in 2023 to build the NHS Federated Data Platform (FDP), which stitches together patient records held across disparate systems to help hospitals manage waiting lists and allocate appointments. The company says FDP has supported 110,000 additional operations, a 15.3% reduction in discharge delays and a 6.8% lift in cancer diagnoses within 28 days of referral. NHS England is encouraging hospital trusts and integrated care boards to adopt it.
Supplier access to NHS email infrastructure is routine — the NHSmail access policy explicitly permits “independent sector organisations that provide health and social care services nationally” to use it. What is unusual is the strength of staff reaction. Resident doctor Rory Gibson told the Guardian he did not want his personal email and phone accessible to someone who “might next month be working on systems for drone strikes”, citing Palantir’s defence and surveillance work for Western militaries.
The governance question
David Rowland, director of the Centre for Health and the Public Interest, told the Guardian the email provisioning may not breach any rule, but said the episode “shows there are deep ethical concerns” and called for a full-scale review of private contractors delivering NHS services. Some NHS staff reported joining virtual Teams meetings without realising participants joining under NHS.net addresses were Palantir employees — a transparency gap NHS England has not directly addressed beyond restating that all data access remains under NHS instruction.
Looking forward
With Reform UK floating a British immigration-enforcement agency and Palantir’s software already deployed across UK police and the Ministry of Defence, the FDP row is unlikely to fade. For the NHS, the harder question is whether supplier access policies designed for run-of-the-mill IT contractors are fit for a firm whose commercial identity is tied to national-security work.