A health minister has insisted that the ownership of patient data is not being transferred to the federated data platform’s (FDP) supplier, Palantir.
But minister for health innovation and safety Preet Kaur Gill told an influential committee of MPs that while understood people’s concerns the NHS cannot operate a procurement system based on political preference.
Giving evidence to the Health and Social Care Committee session last Tuesday Ms Gill also apologised for an ‘error’ in the National Data Integration Tenant’s data protection impact assessment which wrongly suggested that supplier access to data was just for NHS staff.
But she stressed that Palantir staff could only access the data for a ‘legitimate purpose’, and all access is time limited.
US tech giant Palantir was awarded a seven-year contract in 2023 to deliver the FDP, but has faced widespread public criticism over its technologies being used in conflicts in the Middle East and by the US immigration enforcement institution ICE.
Committee chair Layla Moran asked Ms Gill whether she accepted that there was unease and ‘huge disquiet’ about Palantir among some of the royal colleges and the public.
In response, the Ms Gill said: ‘I would say that the NHS cannot operate a procurement system based on political preference or opinion.
‘And, at the end of the day, any supplier has got to operate on the basis of evidence, capability, valuable money, compliance with UK and international law, and whilst there may be allegations, and whilst there may be some concerns, I have got to focus and balance about patient outcomes and transformation for the NHS,’ she added.
But when pressed by Ms Moran on whether she was worried about ‘disquiet’ among the public, Ms Gill said that while she appreciated and understood the concerns people have, no data is being transferred.
‘Yes, I understand the concerns that people have, but this is not about transferring ownership of NHS data, because the NHS is the controller of data, that’s what the public cares about, who owns my data.’ she added.
Responding to concerns from the National Data Guardian that the data protection impact assessment missed out that some external contractor staff at Palantir also can access identifiable patient information, Ms Gill said she was ‘very sorry’ that the ‘error’ happened.
‘Well, firstly, can I say I’m very sorry that that happened, but nobody has access to the system without having a legitimate purpose, and all access is time limited. It’s audited, you know who would have access, what they needed it for,’ she said.
‘There was an error by NHS England that meant that the data protection impact assessment that was referred to [said just] NHS staff, rather than clarifying that actually the access was for authorised users and support staff.
‘I know that NHS England has now reviewed that information and is strengthening the impact assessment to obviously make sure it aligns with the best data protection service.’
The minister also said that the error in the data protection impact assessment was not a ‘mistake’, but instead a ‘clarification of who has access’.
And she also said that there was ‘a proper audit process around accessibility’.
However, NHS England’s director of data and analytics Ayub Bhayat admitted that the organisation was auditing its own work.
But Mr Bhayat assured MPs that it was ‘a separate team within NHS England, which is normal process’.
Former health minister Dr Zubir Ahmed told MPs in April that the government will decide later this year whether they will extend Palantir’s FDP contract.
At the committee meeting, Mr Bhayat confirmed that the intention is to inform Palantir early Autumn if a decision is made not to extend its contract, but December is the latest it can be done.
Healthcare Leader has contacted Palantir for comment.
