"NHS England has decided to allow external personnel from contractors, including Palantir, to access identifiable patient data through a new administrative role on its main data platform, the Guardian reported on Sunday, citing an internal briefing note. The change applies to the National Data Integration Tenant, a controlled environment that NHS England describes as a "haven" for identifiable patient data before that data is pseudonymised and passed into other systems connected to the Federated Data Platform (FDP)."
"Under existing rules, anyone working on the platform has to apply for approval to access specific datasets, a process known as a Controlled Data Access (CDA) request. The briefing note seen by the Guardian says NHS England is creating a new "admin" role that grants broader permissions to approved external staff in a single approval, on the basis that applying for individual CDAs had become "too inconvenient"."
"NHS England has said that anyone external requiring access under the new arrangement must hold government security clearance and be approved by an NHS England director or more senior official. The list of contractors with potential access also includes consultancy firms supporting the programme. Palantir Technologies won the £330m FDP contract in 2023 and is the primary external contractor on the platform."
"The Federated Data Platform is designed to pull operational data from trusts across the NHS into a single environment for planning, waiting-list management and resource allocation. Identifiable patient information is meant to remain inside the National Data Integration Tenant, with only pseudonymised or aggregate data passed to downstream FDP modules. The new admin role applies to st"
NHS England is allowing external contractor personnel, including Palantir, to access identifiable patient data through a new administrative role on the Federated Data Platform. The access is granted within the National Data Integration Tenant, described as a controlled “haven” where identifiable data is held before pseudonymisation and transfer to connected systems. Existing access requires Controlled Data Access (CDA) requests for specific datasets. The new role replaces multiple CDA approvals with broader permissions based on a single approval for external staff. Patient groups and Labour MPs have warned the change is dangerous. NHS England says external access requires government security clearance and approval by an NHS England director or more senior official, and that identifiable data should remain within the tenant while only pseudonymised or aggregate data flows onward.
Read at TNW | Data-Security
Unable to calculate read time
Collection
[
|
...
]