- NHS England grants ‘unlimited access’ to external contractors
- Entrepreneurs previously had to request access to specific data
- Companies working on the federated data platform, such as Palantir, will have a new “administrator” role created to access patient data.
NHS England has allowed external contractors to have “unrestricted access” to identifiable patient data.
Access was granted to external personnel from Palantir and other companies working on the Federated Data Platform (FDP). The FDP’s National Data Integration Tenant (NDIT) links fragmented data from multiple NHS systems into a single centralized platform.
There has been outspoken opposition to Palantir’s contract with the NHS due to the company’s work with the US immigration enforcement agency (ICE) and its links to military and intelligence-gathering projects.
Palantir to manage identifiable patient data
An internal information note seen by the Financial Times stressed that the NDIT is a “safe haven for data” before it is “pseudonymized” and transferred via the FDP.
In order for external contractors to access the NDIT, NHS England is set to create a new “administrator” role which “allows unrestricted access to non-NHSE staff”, including access to patient data before it is pseudonymised.
Previously, a contractor had to request access to specific data sets. Now contractors have asked to have the same level of access to patient data as an NHS worker with security clearance. The request was made “because it is too inconvenient to request all the necessary individual CDAs”.
The memo further highlights that this access would be limited to a small number of non-NHS staff. He also explained that “being sure exactly who is accessing which identifiable patient data at any time” is essential to helping the NHS deliver on its five “data promises”. The note adds that “the more people have unrestricted access, the less this goal can be achieved.”
An NHS England spokesperson said: “The NHS has strict policies in place to manage access to patient data and carries out regular audits to ensure compliance – including monitoring the work of engineers helping to set up the central data collection platform which will track NHS performance and help improve patient care. »
“Any external person requiring access must have government security clearance and be approved by a member of NHS England staff at director level or above.”
Some NHS staff have refused to use the FDP due to ethical concerns about Palantir’s involvement in sensitive patient data, with others saying the FDP is “horrible” to use.
A Palantir spokesperson said: “For the NHS and all our customers, we are referred to by law as a ‘data processor’, with our customers being ‘data controllers’.
“This means that Palantir software can only be used to process the data in accordance with the customer’s instructions. Using the data for any other purpose would not only be illegal but technically impossible due to the granular access controls overseen by the NHS.”
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
