Palantir gained access to NHS patients' personal data — Parliament objects

NHS England gave the American company Palantir full access to patient personal data while developing an AI platform for healthcare analytics and improvement. Particularly alarming: the data was transmitted before it was anonymized — with names, addresses, medical histories. This provoked serious criticism in parliament and concerns about the privacy of millions of Britons.

How This Happened

NHS England concluded a data access agreement with Palantir and other contractors as part of the Federated Data Platform project — a unified system for healthcare analytics. According to Financial Times reports, Palantir received "unlimited access" to certain categories of patient data ahead of schedule. Inside NHS, they themselves understood the danger. Documents that journalists managed to obtain show that employees feared a "risk of loss of public trust" and other reputational problems. Despite this, access was granted — apparently to accelerate platform development.

Normally in proper systems, data is either fully anonymized (everything that identifies a specific person is removed) or strictly limited to a defined group of people who can access it. Here, a combined worst-case scenario occurred: an American company gained access to personal data of British citizens before it was protected.

Criticism from Parliament

MPs called such an approach "dangerous" and said it would "fuel public concerns about data privacy." Several points are being criticized:

• Palantir is a foreign company, and its access to healthcare raises geopolitical questions
• Identifiable data was exposed without proper protection (before anonymization)
• NHS itself was aware of this risk, but acted in haste
• There is no transparent explanation for why data could not first be de-identified
• Patient privacy is sacrificed for the sake of development speed

Parliamentarians demand a full explanation and stricter policies for future projects.

Why This Matters

Federated Data Platform is truly a needed project. A unified data system can help NHS identify disease patterns, optimize treatment, save lives. AI in healthcare is not the enemy. The enemy is implementing such technologies without proper privacy protection.

"Risk of loss of public trust" — a phrase from NHS internal documents

Interestingly, NHS itself knew this. They saw the risk. But they acted in haste — apparently under pressure from deadlines and budgets.

What This Means

This case is a classic example of the dilemma between the speed of implementing new technologies and protecting citizens' rights. When companies (especially foreign ones) and governments rush to implement AI, they often ignore privacy. But this is a mistake — loss of public trust can be more expensive than several months of proper data protection. For business and IT companies, the lesson is simple: security first, development speed second.