Growing Concerns of NHS Patient Data, Palantir and Public Trust

Written by Andrew Jones

Disclaimer: This article is for informational, educational, and public-interest discussion purposes only and does not constitute legal advice. Readers concerned about their personal data, medical confidentiality, or privacy rights should seek independent legal advice or contact the UK Information Commissioner’s Office (ICO), NHS England, or their local health authority directly. Allegations and concerns discussed in this article are based on public reporting, campaign group statements, parliamentary commentary, and public debate surrounding NHS data governance and third-party contractor access.

The Quiet Expansion of NHS Data Sharing Raises Public Alarm

A growing number of privacy campaigners, clinicians, legal experts, and members of the public are expressing serious concerns over reports that NHS England has granted broad access to identifiable patient data to the US technology company Palantir Technologies and external consultancy contractors working on the NHS Federated Data Platform (FDP).

The issue is not simply about technology. It is about trust, confidentiality, consent, sovereignty, and whether ordinary citizens were properly informed that deeply sensitive medical records may be accessible by private contractors before anonymisation or pseudonymisation protections are applied.

According to reports and leaked internal briefings referenced by campaign groups and media outlets, the concern centres around a part of the system known as the National Data Integration Tenant (NDIT). This is reportedly where NHS bodies, Integrated Care Boards (ICBs), and NHS Trusts upload raw patient submissions containing fully identifiable information before privacy filters are applied.

The public-facing explanation from NHS England has largely focused on pseudonymised datasets used for planning and operational efficiencies. However, critics argue that the real concern lies beneath that layer, where names, addresses, NHS numbers, dates of birth, mental health records, reproductive health information, diagnoses, medications, and treatment histories may be visible to authorised contractors involved in maintaining or developing the system.

Many members of the public say they were never clearly informed that this level of access could exist.

What Is the NHS Federated Data Platform?

The NHS Federated Data Platform (FDP) was introduced as a major digital transformation initiative intended to improve efficiency across the health service. Supporters argue that integrated data systems can help reduce waiting lists, improve hospital coordination, streamline appointments, allocate resources more effectively, and improve patient outcomes.

Critics, however, argue that the scale of centralisation creates unprecedented risks if governance, oversight, or contractor access is insufficiently restricted.

The controversy intensified after reports suggested that external contractors working on the FDP programme may have been granted extensive permissions within the National Data Integration Tenant because individual access requests were considered administratively inconvenient.

For many people, this raises a deeply troubling question:

Why should identifiable patient data ever become more accessible merely because privacy controls are considered inconvenient?

Why Are People Concerned About Palantir?

Palantir Technologies is a US-based technology company known for providing large-scale data analytics and intelligence software to governments, defence agencies, military organisations, and law enforcement bodies.

The company has worked with:

US defence and intelligence agencies
Immigration enforcement programmes
Military operations
Counterterrorism and surveillance systems

Critics argue that this background makes Palantir an uncomfortable choice for handling sensitive healthcare data.

Campaigners have questioned whether companies associated with surveillance and intelligence infrastructure should be involved in systems handling confidential patient information, particularly where citizens did not actively opt in.

Supporters of the FDP insist that strong safeguards exist and that access controls are governed contractually and technically. However, public confidence appears increasingly strained.

Does This Affect Wales, Scotland, and Northern Ireland?

This is an important distinction. The NHS is not one single unified organisation across the United Kingdom. Instead, healthcare is devolved:

Each nation operates under separate administrative and governance frameworks.

At present, most controversy specifically relates to NHS England and the Federated Data Platform programme.

However, concerns remain because:

Healthcare systems increasingly share digital infrastructure principles
UK-wide data interoperability initiatives continue to expand
External technology suppliers may work across multiple jurisdictions
Citizens are often unclear about where their information travels

People living in Wales, Scotland, and Northern Ireland may therefore wish to:

Review their own national data governance policies
Check local NHS privacy notices
Ask their local health boards or trusts about contractor access arrangements
Clarify what opt-outs or objections exist in their jurisdiction

GDPR, Human Rights & Potential Legal Concerns

Critics argue that the controversy raises significant questions under:

Potential GDPR Concerns:

Under UK GDPR, personal data processing must generally be:

Lawful
Fair
Transparent
Necessary
Proportionate
Secure

Special category data, including health information, receives enhanced legal protection because of its highly sensitive nature.

Questions campaigners are asking include:

Was the public adequately informed?
Was the processing sufficiently transparent?
Was contractor access proportionate?
Were safeguards robust enough?
Could less intrusive methods have been used?
Were patients given meaningful choices?

If identifiable data is accessible before anonymisation or pseudonymisation, critics argue this substantially increases privacy risks.

Human Rights Concerns

Medical confidentiality is widely regarded as a cornerstone of trust between patients and healthcare providers.

Article 8 of the European Convention on Human Rights protects the right to private and family life. Courts have repeatedly recognised medical information as among the most sensitive categories of personal data.

Once public trust in medical confidentiality is weakened, patients may become reluctant to:

Seek treatment
Discuss mental health issues openly
Report addictions
Seek sexual health support
Disclose domestic abuse
Participate honestly in healthcare assessments

This can create broader public health consequences.

Equality Act 2010 Concerns

Disabled individuals, people with mental health conditions, neurodivergent people, and vulnerable communities may be disproportionately affected by fears surrounding medical confidentiality.

Campaigners argue that loss of trust in the system could discourage disabled people from engaging fully with healthcare services, potentially raising Equality Act considerations regarding indirect discrimination, accessibility, psychological impact, and institutional trust.

Why Would a US Technology Firm Want Access to NHS Data?

Supporters of the FDP say the answer is operational:

Building systems
Testing integrations
Running analytics
Improving efficiencies
Managing NHS logistics
Supporting healthcare planning

Critics argue the concern is not necessarily about a conspiracy, but about the concentration of power and data centralisation.

The larger and more centralised a dataset becomes:

The more attractive it becomes to hackers
The greater the consequences of misuse
The more difficult meaningful oversight becomes
The more vulnerable systems become to future policy changes

Critics also worry about:

Mission creep
Expanded future uses
International legal exposure
Third-party dependencies
Cross-border jurisdictional complications

The issue is therefore not simply “what is happening now,” but what safeguards exist to prevent future misuse.

The National Data Opt-Out Debate

Many citizens mistakenly believe the National Data Opt-Out prevents all NHS data sharing.

It does not.

The opt-out primarily applies to certain forms of research and planning.

According to campaigners, NHS England classifies parts of the FDP infrastructure as supporting direct care and operational functions, meaning the standard opt-out may not fully apply to these systems.

This has become one of the central points of public frustration.

People feel they may have believed they had greater control over their information than they actually do.

What Can People Do?

Citizens concerned about their privacy may wish to consider:

Filing an Article 21 UK GDPR objection
Requesting information under Subject Access Rights
Contacting the ICO
Writing to their MP
Asking NHS Trusts how contractor access is governed
Reviewing local NHS privacy notices
Requesting clarity on retention policies and audit logs
Supporting stronger data governance campaigns

People can also ask:

Who accessed my data?
Why was it accessed?
What safeguards exist?
Was identifiable access necessary?
How is access monitored?

Public accountability often increases when concerns are raised formally and in writing.

Public Trust Is the Foundation of Healthcare

Regardless of political position, many people agree on one thing:

Medical confidentiality matters.

Trust is essential for effective healthcare systems. Patients must feel safe discussing:

Mental health
Trauma
addiction
reproductive health
disabilities
domestic abuse
chronic illness

Without trust, healthcare itself can suffer.

Technology can undoubtedly improve healthcare delivery. However, digital transformation without meaningful transparency, informed public engagement, and robust safeguards risks creating the perception that efficiency is being prioritised over privacy and consent.

For many citizens, the core issue is simple:

Sensitive medical records should never feel like a commodity, an administrative inconvenience, or a technical asset to be quietly circulated behind closed doors.