Why we’re working to uphold the privacy of NHS patient data

Who is Palantir?

Palantir is a US-based tech giant, co-founded by the rightwing entrepreneur, Peter Thiel. 

Thiel has been very critical of our NHS and has been reported as claiming that it “makes people sick”.

The company recently won a £330m contract to run NHS England’s Federated Data Platform over the next seven years.

Palantir has been criticised for working alongside the US immigration enforcement agency (ICE) to implement a draconian deportation system introduced by Trump back in 2017. And it has also supplied technology to governments that enables them to spy on their citizens. Palantir’s contract with the New York Police Department ended in acrimony with the company withholding access to the analytic data it produced.

It’s no surprise that we are one of many organisations who have raised concerns about Palantir getting this contract. The British Medical Association has previously pointed out the potential lack of scrutiny of bidders for this contract on ethical grounds and have said Palantir’s appointment is “deeply worrying”.

What is the NHS Federated Data Platform?

The Federated Data Platform (FDP) is a new programme being implemented to manage data across England. The NHS says it will join up information held by different trusts, help hospitals manage their data better and improve treatment and waiting times, and support research and planning across the healthcare system. It’s been described as “the operating system for the NHS”: It won’t include “national” access to GP records, but may include other access to GP records.

We fully understand that the NHS needs to store information about patients and we are not against any FDP in principle, but we – and patients’ groups – look at the other decisions NHS England has made, and see problems with those decisions. It’s not surprising then that patients are interested in what control they can exercise over their health data. The law gives patients rights over their personal data. How they work in the NHS context is complex, but from what we can see so far, it appears those rights are not being respected, even before this contract was handed to Palantir.

We have concerns – which are explained in the following section – about how the NHS is already handling our private data.

This additional contract means that Palantir will be processing a huge amount of medical data. NHS England has said that the contract with Palantir contains strict stipulations about confidentiality and that data on the FDP will only be accessed in the ways it directs. However, we’re concerned that the lack of scrutiny and safeguards could lead to misuse of our data.

What is the NHS National Data Opt-Out?

Using the National Data Opt-Out (NDOO) system in theory allows a patient to decide if they do or do not want their private medical information to be used for purposes outside of their individual care and treatment, referred to as “research and planning”. The NHS only allows patients to opt out of both “research and planning” together, and not one or the other separately.

NHS England says there is currently no way to directly opt out of data being shared with Palantir’s FDP. As the FDP is fully implemented, we expect using the NDOO will limit the extent of data-sharing within the system, but it’s unclear to what extent, given the various caveats that are being applied. So, we believe the NDOO should reflect patients’ full legal rights so that patients, if they choose, can place firm limits covering more of their personal data.

Our recent video on the NHS National Data Opt-Out process

Recently we published a video that takes people step-by-step through the NHS National Data Opt-Out. This has drawn some criticism online and in the Sunday Times for implying that, by using this opt out, people can keep their data from being shared with Palantir.

But, as we say explicitly in the video, the NDOO doesn’t opt you out of sharing your data across NHS systems. (Indeed, that is a troubling limit to it.)

NHS England has now said that the National Data Opt-Out won’t “initially” apply to data being shared with the Federated Data Platform. This is because the FDP won’t currently be used “to process identifiable data for purposes other than the individual care of patients”. It has also said: “If, in the future, FDP is used for a purpose where the national data opt out does apply, then it will always be respected. This means that the records of patients who have registered a national data opt out will not be processed in the FDP for these purposes.” 

So using the National Data Opt-Out could help to limit the information that is shared with Palantir’s Federated Data Platform in the future.

It’s not yet clear whether anonymised or pseudo-anonymised data is being shared with Palantir’s Federated Data Platform right now, or whether the National Data Opt-Out will cover what can be shared like this in the future. The truth is, it’s complicated. On the same weekend the Sunday Times criticised our video and said the opt-out “does not apply to the federated data platform”, they also published another piece suggesting that “Patients can also opt out of the federated data platform”

And this is the crux of our campaign. The effects of the National Data Opt-Out are complicated and unclear and its operation may well be unlawful. It needs to be improved.

What are our concerns with the National Data Opt-Out and how your medical data is being handled?

Under data protection law, each of us has a “right to object” to our data being used in certain ways. This is an important safeguard which protects us from having our personal information used in ways we’re not happy with.

We are concerned that the NDOO – as it currently operates – does not fully satisfy the right to object. NHS England has created a lot of confusion about whether it applies to private medical information which the NHS says it has ‘deidentified’ and, if so, what steps have been taken to make sure the data is truly anonymised.

What are we doing about it?

We have assisted several affected individuals to write to NHS England and regional Integrated Care Boards to raise their concerns about how their data is being used and the NDOO is working as it should under the law.

We expect that – unless NHS England provides us with a satisfactory explanation clearing up the confusion it has created – we will begin legal proceedings to make sure the NDOO does work properly in order to protect patient privacy and respect patient wishes. If that is successful it should apply to all NHS patients who want to use the right to object.

Should you use the National Data Opt Out?

This is a decision for every patient to make for themselves. There are many benefits to the NHS being able to use medical data to make decisions which will benefit us all, but we believe this needs to be done in a way which respects the right to privacy. At a time when patients are justifiably concerned by NHS data practices, it is only right to focus on the choices that they have.

We hope that our work will ensure that proper safeguards are in place and that patients can trust that the NHS takes account of their preferences and legal rights in how it uses their health data. In the long-term, an NHS that fully respects patient data rights will be more trusted and will be able to deliver better for us all.

We recently published a video explaining how patients can use the NDOO if they wish to do so, and medConfidential has additional guidance on the extra steps for those who have children.

The National Data Opt-Out exists but it doesn’t currently give patients the control that they want; we hope to improve it for everyone.