Members of Parliament have raised concerns over NHS England’s recent decision to grant the US technology firm Palantir access to identifiable patient data as part of its ongoing efforts to deploy artificial intelligence within the health service. Critics warn that this move risks undermining public trust in data privacy and marks a significant departure from earlier commitments to safeguard patient information.

According to internal NHS documents reported recently, staff from Palantir and other contractors have been given “unlimited access to non-NHSF staff” to sections of the NHS’s federated data platform (FDP) before patient data has been pseudonymised—a process intended to de-identify information to protect privacy. The FDP is a newly developed system designed to integrate disparate health datasets across the service, with Palantir awarded a contract worth £330 million to build parts of the platform and implement AI tools aimed at improving NHS operations and patient care.

The decision has drawn criticism from MPs and privacy advocates. Rachael Maskell, a Member of Parliament and former NHS worker, described the expanded access as “dangerous,” cautioning that it increased exposure of sensitive data to private interests. Maskell called for the government to intervene and halt further progression of the project. Similarly, Martin Wrigley, a Liberal Democrat MP and member of the technology select committee, described the approach to data security within the project as “somewhat cavalier,” suggesting that adequate security measures were not embedded from the outset.

The Patients Association, a healthcare charity, expressed unease about the lack of patient consultation regarding the expansion of data access. Rachel Power, its chief executive, emphasized the importance of transparency and clear limits on who can access patient information, urging that patients be consulted on such changes moving forward.

Palantir, which has faced controversy in various public sector roles internationally—including support for US immigration enforcement agencies and military contracts—has maintained it acts solely as a “data processor,” not a “data controller.” The company states its software processes data strictly according to NHS instructions, with technical safeguards and granular access controls preventing misuse. Palantir also confirmed that engineers’ access to identifiable data is logged, that they do not have permission to remove data from NHS systems, and that contractors must possess government security clearance.

NHS England reiterated that only a limited number of external personnel receive data access and insisted that strict policies and regular audits are in place to monitor compliance. A spokesperson highlighted that the engineers’ work on the FDP is vital for creating a central data collection platform intended to track NHS performance and enhance patient care.

Despite these assurances, public opinion remains uneasy. Recent polling found that over two-thirds of respondents are concerned about Palantir’s expanding public sector footprint, with 40% expressing distrust in the company’s handling of NHS patient data. Palantir is also reportedly nearing a deal to extend its AI capabilities in partnership with the Metropolitan Police, adding to scrutiny of its growing influence in UK government functions.