Palantir granted direct access to identifiable NHS patient records

TL;DR:

• NHS England has allowed Palantir staff and other contractors to view identifiable patient data on the federated data platform (FDP) before it is pseudonymised, according to a leaked internal briefing.
• MPs and patient groups have warned the move is “dangerous”, reigniting concerns over the £330m FDP contract awarded in 2023.
• Resultsense view: this is the moment when the operational reality of the FDP collides with the consent assurances given when the contract was signed, and it sets a difficult precedent for any UK public-sector AI programme that hinges on bringing in outside vendors to engineer the data plumbing.

NHS England confirmed it has granted “unlimited access to non-NHSE staff” to part of the federated data platform, which holds identifiable patient records used to integrate scattered health datasets. The change, first reported by the Financial Times, applies to a small group working on the data collection pipelines and requires government security clearance — but it sits awkwardly alongside NHS England’s 2023 commitment that “personal data remains protected and within the NHS at all times”.

What changed

The FDP was sold to the public as a way for AI systems to join up fragmented NHS datasets and surface efficiencies in care. Until now, contractors needing to look at the underlying records had to apply for individual permissions dataset by dataset, with hundreds of separate authorisations to manage. The leaked briefing acknowledges “considerable public interest and concern” about Palantir’s role and frames the relaxation as a productivity measure for engineers working on the platform’s internal pipelines.

Palantir maintains it is a “data processor”, not a “data controller”, and says its software can only process data in line with NHS instructions. Records of when staff saw identifiable data are logged, and the company says removing data from NHS systems is technically impossible.

A pattern of UK public-sector contracts

The disclosure lands as Palantir’s UK footprint widens. The Guardian reported last month that the company is close to a deal with the Metropolitan Police to apply AI to intelligence analysis, and Palantir already holds contracts with the UK military. Polling last week found more than two-thirds of the UK public are concerned about Palantir’s growing list of public contracts, with 40 per cent saying they do not trust the company not to access NHS data.

Looking forward

Expect renewed parliamentary pressure on the FDP contract. Rachael Maskell, the Labour MP calling for the project to be stopped, has explicitly invited ministers to intervene, and the Commons technology committee already has the project in view. For UK organisations watching the public-sector AI market — including the SMEs being asked to plug into the FDP at the edges — the practical question is whether NHS England can keep its 2023 data-handling promise visible to patients while engineers do the work needed to make AI integration actually function.