NHS England has agreed to create a new administrative access role that would allow external contractors working on the NHS Federated Data Platform (FDP) to access identifiable patient data within a core data environment, according to internal briefing documents first reported by the Financial Times.
The move relates to the National Data Integration Tenant (NDIT), described internally as a “safe haven for data” before information is pseudonymised and transferred into other systems connected to the FDP.
The FDP, developed under a £330 million contract awarded to Palantir Technologies in 2023, is designed to bring together operational NHS data from across trusts and healthcare systems to support planning, waiting list management and operational decision-making.
However, the proposed change represents a significant shift from existing data access arrangements. Under current processes, individuals working with NDIT data must apply for approval to access specific datasets. The new “admin” role would instead provide broader permissions to approved external staff, including employees of Palantir and consultancy firms supporting the programme.
According to the briefing note, the request for broader permissions came because it had become “too inconvenient to apply for all of the necessary individual CDAs” – or controlled data access permissions.
Governance and public trust concerns
The document also acknowledged the wider implications for public confidence, warning there was a “risk of loss of public confidence” around “safeguarding patient data and ensuring appropriate use and access to it”.
That concern reflects broader debates across UK public services about how government bodies manage sensitive citizen data, particularly when commercial suppliers and third party contractors are involved.
Public trust has become an increasingly central issue in digital government programmes, especially where health or immigration-related data is concerned. In recent years, concerns have been raised about NHS patient information being shared with immigration enforcement authorities. Campaigners and healthcare groups have argued that even the perception that accessing healthcare could expose vulnerable individuals to enforcement action risks discouraging people from engaging with NHS services altogether.
The FDP programme has already faced scrutiny from privacy campaigners, clinicians and civil society organisations over the scale of data consolidation involved and Palantir’s role in delivering the platform.
Critics have pointed to the company’s work with US defence and immigration agencies, as well as comments made by Palantir co-founder and chief executive Alex Karp, as contributing to concerns about the ethical governance of NHS data infrastructure.
Some NHS staff have reportedly declined to work on FDP-related projects because of those concerns.
The internal briefing note reportedly acknowledged the sensitivity around Palantir specifically, stating there was “currently considerable public interest and concern about how much access to patient data Palantir/Palantir staff have”.
If you liked this content…
GDS publishes principles for securing data across government departments
Q&A: Why technology convergence is key to collaboration and data sharing in government
UK leads in European government AI adoption
NHS, housing and care providers eye better data sharing
Shared Care Records and personalised medicine ‘could prevent hundreds of deaths’
NHS England and Palantir respond
NHS England said the enhanced access arrangements would apply only to a small number of external staff and would remain subject to oversight controls, including security clearance requirements and senior approval processes.
An NHS England spokesperson said the organisation has “strict policies in place for managing access to patient data” and carries out “regular audits to ensure compliance”.
The spokesperson added: “Anyone external requiring access must have government security clearance and be approved by a member of NHS England staff at director level or above.”
The briefing document also recommended safeguards including caps on the number of external administrators, time-limited access arrangements and regular reviews of permissions. Those recommendations have reportedly now been accepted.
Supporters of the FDP programme argue that the platform has the potential to significantly improve operational efficiency across the NHS by allowing trusts and health systems to work from shared data environments. Use cases have included theatre scheduling, waiting list management and capacity planning.
Palantir defended its role in the programme, saying that it acts only as a processor of NHS data rather than a controller. A company spokesperson said: “To the NHS, and all our customers, we are designated by law as a ‘data processor’, with our customers ‘data controllers’.
“That means that Palantir software can only be used to process data precisely in line with the instruction of the customer.”
The company added that using the data for any other purpose would be “technically impossible due to granular access controls overseen by the NHS,” as per the FT.
Wider implications for digital government
The disclosures are likely to intensify wider debates around how public sector organisations balance operational transformation with citizen trust – particularly as government departments increasingly rely on large-scale data integration platforms and external tech suppliers to modernise services.
Martin Wrigley, Liberal Democrat MP and member of the House of Commons technology committee, criticised the approach outlined in the documents, saying the “public will be rightfully concerned that data privacy is not the first concern”.
For digital government leaders, it highlights a recurring challenge facing major transformation programmes: while integrated data platforms can unlock significant operational benefits, maintaining public confidence in how sensitive information is accessed, governed and safeguarded is critical.
