This article is more than 1 year old

Rights groups threaten legal action over NHS data pilot based on Palantir tech

'Acute and justifiable fear' in the way patient data is set to be processed, campaigners warn

An NHS pilot to upload patient data in a data analytics system based on tech from Palantir is the subject of a legal threat from campaign groups who claim it appears to circumvent data protection and procurement laws.

The move comes as the UK government is set to kick off the procurement of a controversial £360 million ($443 million) data platform which is set to draw from systems Palantir built during the pandemic, and which the US spy-tech company is said to consider a "must-win."

Last month, The Register reported that NHS England, a non-departmental arm of the government, is set to extract patient-identifiable data from NHS hospital systems and share this with its data platform based on technology from Palantir, a move that seems set to provoke another legal challenge.

According to NHS Digital board meeting papers [PDF], the Faster Data Flow pilot is set to "collect patient level identifiable data pertaining to admission, inpatient, discharge and outpatient activity from acute care settings on a daily basis" without consulting patients or giving them the choice of opting out, to help manage the crisis in treatment waiting times resulting from the COVID-19 pandemic.

Last week campaign groups including the Doctors' Association UK, National Pensioners' Convention, and Just Treatment warned NHS England of its use of "an extensive and extremely sensitive set of data" by Palantir without appropriate legal safeguards.

With the help of data privacy campaign group Foxglove, lawyers representing the groups have written to NHS England seeking reassurances over its use of the data which include individual patients' NHS numbers, date of birth, postcode, local patient identifiers and data about their admission, inpatient, discharge and outpatient activity.

"Our clients therefore have an acute and justifiable fear that the Pilot marks a fundamental change in the way in which NHS data is processed, held and accessed. As we explain below, our clients are very concerned about the legality of this fundamental change, which raises concerns that may require litigation," the letter states.

The letter requests a full, clear and detailed explanation of the pilot, including its rationale and purpose. It also asks about steps taken to implement the pilot so far as whether any data has already been transferred. It also ask how the pilot impacts the planned Federated Data Platform (FDP) procurement and programme, the twice-delayed £360 million project.

It also states the pilot is at risk of violating data protection law consent requirements, specifically regarding the need to seek consent for processing so-called pseudonymized data.

An NHS spokesperson said: "By collecting data in a more streamlined way the NHS is better able to plan and allocate resources to maximise outcomes for patients, whilst ensuring that data control remains with the NHS at all times.

"Ultimately, it will help all NHS organizations to better understand their waiting lists and pressures in near real time, work as systems, and the burden of manual reporting on staff will be significantly reduced."

Last month, NHS England suggested the overall £400 million ($492 million) FDP programme procurement would be broken up. Ming Tang, chief data and analytics officer at NHS England, told the Financial Times the organization had split up the procurement to "safeguard" the service.

In March last year, the UK government caved at the threat of a judicial review into its £23 million ($28 million) contract with Palantir in setting up the NHS COVID-19 Data Store, agreeing to three concessions. Last month, The Register revealed projected work from that data store would go on to be supported by FDP. ®

More about

More about

More about

TIP US OFF

Send us news


Other stories you might like