Software

Databases

UK government set to extract hospital data to Palantir system without patient consent

'You'll be hearing from us,' say privacy campaigners who previously forced the government to back down


The UK government is set to extract patient-identifiable data from NHS hospital systems and share this with its data platform based on technology from Palantir, a move that seems set to provoke another legal challenge.

Without consulting patients or giving them the choice of opting out, NHS England and NHS Improvement — the non-departmental government body which runs the NHS in England — has instructed NHS Digital to gather the data for the purpose of understanding and reducing the crisis in treatment waiting times resulting from the COVID-19 pandemic.

In NHS Digital board meeting papers [PDF] (see Faster Data Flow - 3.1.2 - on page 163), NHS England tells NHS Digital to "collect patient level identifiable data pertaining to admission, inpatient, discharge and outpatient activity from acute care settings on a daily basis."

The move is an expansion of NHS England's use of Palantir, which had been subject to the threat of a judicial review in 2021. Under legal pressure, the government caved in and agreed not to extend Palantir's contract beyond the pandemic without consulting the public.

The judicial review was set to be brought by the news website openDemocracy, backed by tech campaign group Foxglove.

Speaking to The Register, Foxglove director Cori Crider said: "We're very concerned that this latest move to force more patient data into Palantir has been done with zero public input or consent. That's not what we were told would happen in our case, and we're seriously concerned it's unlawful. The government will be hearing from us shortly."

In the board papers, NHS England directs NHS Digital to use Foundry, a Palantir product for the collection.

While NHS England owns the contractual relationship with Palantir, the new instruction creates "a complex relationship" where, in terms of data protection law, NHS Digital will be the data controller for the collection but will use NHS England as a data processor and Palantir will be a sub-processor, the document said.

NHS England said that patients would not be allowed to block the transfer of their data under the National Data Opt-outs programme since the data was due to be "anonymized in accordance with the Information Commissioner Office's Anonymisation Code of Practice before being released."

However, the same document talks about the data being pseudonymized "to provide daily services" under the plan. And there's always the danger of pseudonymized records being deanonymized, and identifying and documenting actual individuals, when additional info is brought into the mix.

In February 2022, the country's information watchdog, the Information Commissioner's Office (ICO), published draft guidance on pseudonymization [PDF], that said "…personal data which have undergone pseudonymization, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person…"

The guidance followed the introduction of the EU's General Data Protection Regulation, the local implementation of which (the UK GDPR) is under review in the UK following Brexit. The proposed replacement – the Data Protection and Digital Information Bill (DPDIB) – is still progressing through Parliament.

In a Twitter thread explaining the issues with NHS England's approach Phil Booth, coordinator of campaign group medConfidential, said: "The fact is that patients have a #RightToObject to the #processing of their #PersonalData, so – while @NHSEngland may want to ignore people's opt-outs… and contorts itself to say their data's not 'confidential patient information' – the law(s) says otherwise."

An NHS England spokesperson said: "By collecting data in a more streamlined way the NHS is better able to plan and allocate resources to maximise outcomes for patients, whilst ensuring that data control remains with the NHS at all times. Ultimately, it will help all NHS organizations to better understand their waiting lists and pressures in near real time, work as systems, and the burden of manual reporting on staff will be significantly reduced."

There are currently a record 6.3 million patients waiting for treatment in the NHS in England, with 2.54 million patients waiting more than 18 weeks. The median waiting times remain "significantly higher" than pre-COVID levels, NHS England said, while a hidden backlog of patients yet to present with conditions may be even greater.

In the board papers, NHS England calls the new Palantir data initiative the Faster Data Programme. A separate Federated Data Platform is officially still in the pipeline, although the £360 million (c $406 million) procurement has been delayed by several months. Palantir is said to have made that competition a "must-win", having recruited Indra Joshi and Harjeet Dhaliwal, key figures in NHS England's data science and AI teams.

Palantir has provided technology used by the CIA and controversial US immigration agency ICE. ®

Send us news
99 Comments

Ireland opens probe into Musk’s X over Grok’s AI data slurp

Watchdog wants to know whether EU posts were used without consent under GDPR

ICE enlists Palantir to develop all-seeing 'ImmigrationOS' eye to speed up deportations

Only Peter Thiel-backed biz can pull off $30M IT deal, apparently

Assassin's Creed maker faces GDPR complaint for forcing single-player gamers online

Collecting data from solo players is a Far Cry from being necessary, says noyb

Staff at UK's massive health service still have interoperability issues with electronic records

Government plans to boost efficiency with IT need to get people onside

In wake of Horizon scandal, forensics prof says digital evidence is a minefield

Outdated and misinformed legal presumptions at the heart of concerns

Legacy tech is the gift that keeps billing for UK's tax collector

£5.2B more thrown at the never-ending quest to modernize HMRC

Official abuse of state security has always been bad, now it's horrifying

UK holds onto oversight by a whisker, but it's utterly barefaced on the other side of the pond

UK's answer to DARPA sprouts new ideas, like programmable plants

Updated programs suggest ARIA will keep singing for another year

Brit universities told to keep up the world-class research with less cash

Government boasts of £14B in R&D spending, but grant body takes £300M hit

UK stats body snoozes legacy tech overhaul as Treasury tightens purse strings

ONS acknowledges it might be a costly decision in the long run

Palantir suggests 'common operating system' for UK govt data

'Don't wait for another pandemic or civil challenge,' says US spy-tech biz

Home Office haunted by 25-year-old asylum system

'Full benefit' of replacement will not be realized until old one is shut down, projects watchdog warns