NHS Broadens Contractor Access To Patient Data

Fresh controversy has erupted around the NHS Federated Data Platform after reports claimed Palantir contractors and other external staff could be granted much broader access to identifiable patient data inside one of the NHS’s most sensitive systems.

What’s Happening To Our Health Data?

According to a recent report in the Financial Times, NHS England has approved the creation of a new administrative access role inside its National Data Integration Tenant, or NDIT, which sits at the heart of the NHS Federated Data Platform (FDP).

The NDIT is effectively a controlled environment where identifiable patient data is held before information is pseudonymised and distributed into other operational systems connected to the FDP.

Until now, external personnel working on the platform reportedly had to apply for access to specific datasets individually through what NHS England calls Controlled Data Access requests.

However, it’s been reported that leaked internal briefing documents argued that the process had become operationally difficult and time-consuming, particularly given the scale and complexity of the FDP programme.

As a result, NHS England has reportedly approved a broader “admin” role allowing a small number of approved non-NHS personnel to access data inside the NDIT without repeated case-by-case approvals.

Some critics are even describing the arrangement as effectively creating “unlimited access” for contractors inside part of the NHS’s flagship data infrastructure project.

NHS England has strongly pushed back against suggestions that controls are being weakened, saying the organisation maintains “strict policies in place for managing access to patient data” and carries out “regular audits to ensure compliance”, while also stressing that any external access requires government security clearance and director-level approval.

What Is The Federated Data Platform?

The FDP is one of the NHS’s largest digital transformation projects. The £330 million contract was awarded in 2023 to a consortium led by Palantir Technologies, a US data analytics company best known for its work in defence, intelligence, security, and large-scale data integration.

The platform is designed to connect fragmented NHS operational datasets into a unified system intended to improve waiting list management, resource allocation, planning, and operational efficiency.

NHS England argues the FDP will help modernise healthcare operations and improve patient outcomes by allowing NHS organisations to use data more effectively across trusts and services.

The NHS also insists that patient data remains under NHS control at all times, with Palantir legally acting only as a “data processor” operating under NHS instructions.

Who Are Palantir And Peter Thiel?

Much of the controversy surrounding the FDP stems not simply from the technology itself, but from Palantir’s wider reputation and affiliations.

Palantir Technologies was co-founded in 2003 by billionaire investor Peter Thiel alongside executives linked to PayPal and US intelligence circles.

Thiel is one of Silicon Valley’s most influential and controversial figures. He was an early Facebook investor, co-founder of PayPal, and has longstanding links to conservative US political movements and defence technology investment.

Palantir itself originally built software for US intelligence and military agencies following the September 11 attacks and has since expanded heavily into defence, immigration enforcement, policing, and government analytics worldwide.

The company has worked with organisations including the CIA, FBI, Pentagon, US Immigration and Customs Enforcement (ICE), NATO, and multiple Western defence agencies.

Critics argue that background makes Palantir an uncomfortable fit for handling sensitive NHS infrastructure and patient data, particularly given growing public concern about AI, surveillance, and data concentration inside critical public services.

Supporters, however, argue that Palantir specialises precisely in the kind of large-scale data integration and operational analytics the NHS badly needs.

Why This Matters Politically

The latest reports have reignited long-running concerns from privacy campaigners, MPs, and patient rights groups who argue the NHS risks eroding public confidence if governance boundaries become unclear.

The leaked NHS briefing itself reportedly acknowledged “considerable public interest and concern” around how much access Palantir staff may have to NHS patient data.

Labour MP Rachael Maskell has described the latest development as “dangerous”, while patient advocacy groups questioned why patients had not been more directly consulted.

At the centre of the debate is a broader tension facing governments worldwide.

Modern AI systems and advanced analytics often work best when large datasets can be integrated, connected, and analysed centrally. However, the more powerful and interconnected those systems become, the greater the concerns around access control, oversight, accountability, and misuse.

The NHS insists safeguards remain in place, including role-based access controls, UK-only data storage, security clearances, auditing, and contractual restrictions preventing Palantir from commercialising NHS data or training AI models on it. However, critics argue the issue is increasingly about trust as much as technical controls.

What Does This Mean For Your Business?

For businesses and organisations, the controversy highlights how rapidly debates around AI, analytics, and data governance are moving from technical discussions into questions of trust, transparency, and public legitimacy.

The NHS FDP project also demonstrates how AI and large-scale analytics are increasingly becoming embedded inside critical national infrastructure rather than remaining standalone software tools.

Many organisations are now facing similar tensions themselves, i.e., balancing operational efficiency, automation, and AI capability against privacy concerns, governance expectations, supplier concentration risks, and reputational exposure.

The Palantir row may ultimately become less about one NHS contract and more about how comfortable people are with huge global technology corporations having access to highly sensitive personal health information, particularly as AI-driven systems become more deeply embedded inside essential public services and everyday decision-making.