Mega-data platform worth half a billion will suck in info from family doctors
UK officials argue NHS patient details will only be available locally
A UK health minister has for the first time admitted that information from family doctors is set to be uploaded to the controversial Federated Data Platform (FDP), a set of technologies under a £480 million procurement for which US spy-tech company Palantir is the incumbent supplier.
Speaking in the House of Lords, the UK's upper chamber, Lord Markham said the FDP deal winner would not be able to access medical records of individuals on the system.
"The data controller will remain in place for each individual institution; sometimes it is the GP and sometimes it is the hospital. Fundamentally, everyone's data will be allowed to be used only by the NHS in these circumstances. There are no circumstances in which Palantir – or any other supplier should it win – will have access to see individuals' data," the Parliamentary Under Secretary of State at the Department of Health and Social Care told the Lords.
Procurement documents issued by NHS England – the health department quango – in January and seen by The Register make no mention of GP data arriving on the FDP. Only NHS National Systems, Integrated Care Provider Systems and Trust Systems would upload data to the system.
A spokesperson for NHS England said there were no plans to include GP data in the "National FDP tenant."
However, they explained that "locally, and based on local agreements between GP Data Controllers and ICBs, GP data already forms an essential part of for local population health planning and management. Therefore, the FDP will have the capability to ingest local primary care [GP] data onto local tenants of FDP. There are no plans to flow this data nationally."
Physically, the data will be held by the cloud provider – currently AWS – in its datacenters. Procurement documents explained that the platform would be able to create a "Tenant" as an "independent platform instance" for each trust, for example. "The ambition is that every trust and ICS will have their own 'Tenant' for which they are the data controller."
Sam Smith, coordinator at health privacy campaign group MedConfidential, said: "The tender document shows only one data store, with all data held nationally by NHS England. NHS England could be honest about their intentions, but that requires them to admit the fictions that got the half a billion-pound budget approved in the first place."
As part of the FDP procurement, NHS England is also buying "Privacy Enhancing Technology" from a supplier independent of the platform provider. It has also promised to anonymize patient data on the platform.
Lord Markham's insistence that no tech firms would be able to access patient information is also at odds with details given to The Register in September last year. In the run-up to the expected start of the FDP procurement, which was in fact delayed until January, the official line was that cloud and software providers would be able to access the data for technical reasons, but would not be able to use it. One official likened it to using Microsoft Word online: the cloud has access to that Word document, but the user would not expect Microsoft to be looking at that document, they said.
An NHS England spokesperson told The Register that tech companies would be considered data processors "engaged under legally binding contracts to perform functions as instructed by the data controller."
"The data processor must work within agreed contractual terms and cannot make decisions on further data use or sharing of that data without the agreement of the data controller – this means that they can only do what they are instructed to by the NHS data controller and cannot access, use or share data unless specifically instructed to do so." ®