Lord Markham, the Parliamentary Under Secretary of State at the Department of Health and Social Care in the UK, confirmed during a session at the House of Lords that information from family doctors (GPs) will be integrated into the Federated Data Platform (FDP), an emerging technology platform that is part of a £480 ($610.27) million procurement process. Notably, Palantir, a US company known for its intelligence-based technology, is a frontrunner in the procurement.
The FDP has been a subject of heated debate due to concerns surrounding data privacy. In his address to the Lords, Lord Markham was adamant that the successful supplier for the FDP would not have the privilege of accessing individuals’ medical records. He elaborated, “The data controller will remain in place for each individual institution; sometimes it is the GP and sometimes it is the hospital. Fundamentally, everyone’s data will be allowed to be used only by the NHS in these circumstances. There are no circumstances in which Palantir – or any other supplier should it win – will have access to see individuals’ data,” The Register reported.
Earlier procurement documents from NHS England, issued in January, did not explicitly state that family doctor data would be part of the FDP. These documents highlighted that only NHS National Systems, Integrated Care Provider Systems, and Trust Systems would contribute data to the FDP. However, a spokesperson for NHS England later clarified that local GP data could be incorporated into the FDP through local agreements between GP Data Controllers and Integrated Care Boards (ICBs), and that such data would be essential for local population health planning and management.
The data in question will be physically stored in cloud data centers, with Amazon Web Services (AWS) being the current provider. The FDP is designed to create individual “Tenants” for each trust, which are essentially independent instances of the platform where trusts will maintain control over their data.
Despite the assurance by Lord Markham, Sam Smith, a coordinator at the health privacy campaign group MedConfidential, questioned NHS England’s transparency regarding the FDP. He pointed out that the tender document suggests a single data store held nationally by NHS England, and challenged the organization to be more candid about its objectives.
Moreover, NHS England is purchasing “Privacy Enhancing Technology” from an independent supplier as part of the FDP procurement and has vowed to anonymize patient data within the platform. This development comes amidst contradictions, as information provided to The Register in September of the previous year indicated that technology firms would have access to the data for technical purposes, although they would not be able to utilize it.
NHS England defended this stance by emphasizing that technology companies will act as data processors, operating under legally binding contracts and only carrying out functions as directed by the data controller. The spokesperson clarified, “The data processor must work within agreed contractual terms and cannot make decisions on further data use or sharing of that data without the agreement of the data controller – this means that they can only do what they are instructed to by the NHS data controller and cannot access, use or share data unless specifically instructed to do so.”