Palantir contractors are getting 'unlimited access' to NHS patient data before it's anonymized

NHS England has created an admin role that gives external contractors, including Palantir staff, “unlimited access” to identifiable patient data. The access applies to the National Data Integration Tenant, the staging layer where raw patient records sit before they’re pseudonymised and distributed to other systems.

The Financial Times reported the change on May 11, based on an internal NHS briefing note. The previous practice required each individual working with the NDIT to apply for access to specific datasets. The new admin role removes that constraint for non-NHS staff working on the platform. Neither Palantir nor NHS England responded to Reuters’ requests for comment.

The briefing note itself acknowledged the risk: “There is currently considerable public interest and concern about how much access to patient data Palantir/Palantir staff have.” It recommended that external admin access be capped, time-limited, and regularly reviewed. Officials confirmed the recommendation was recently accepted, but said it would apply to only a small number of non-NHS staff.

The contract

Palantir won a £330 million contract in November 2023 to build the Federated Data Platform. The consortium includes Accenture, PwC, Carnall Farrar, and NECS. The bidding process was shorter and less transparent than usual and faced two legal challenges. After a challenge from the Good Law Project, NHS England republished the contract with fewer redactions. Originally, 417 of 586 contract pages had been blanked out.

NHS England has admitted the data protection section was still being negotiated after the contract was signed. A break clause arrives in March 2027, and the government has sought legal advice on whether to activate it.

What critics are saying

MP Rachael Maskell called the development “dangerous.” “As Palantir get their claws deeper into our NHS data, we can see how it is opening it up to greater private interest,” she told British Brief. “I ask the government to get a grip on this project before it is too late.”

Martin Wrigley, a Liberal Democrat on the Commons Technology Select Committee, said the change showed a “cavalier attitude to data security” that “demonstrated how this whole project does not have security by design at its heart.”

The opposition extends beyond Parliament. The British Medical Association, which represents over 200,000 doctors, passed a motion opposing the FDP rollout in June 2025, calling Palantir “an unacceptable choice of partner.” Strong words. In February 2026, the BMA directed doctors to limit their engagement with the platform. Over 47,000 patients have written to trust boards opposing it. A YouGov poll found 48% of English adults said they would likely opt out if the FDP were operated by a private company.

Several NHS trusts have already declined. Greater Manchester ICB rejected the platform in May 2025, citing patient and union objections, and reaffirmed that decision in November. Trusts in Leeds, Warwickshire, Essex, and London have also held back.

The context that won’t go away

The controversies travel. Palantir can’t shake them. The EFF reported in January 2026 that US Immigration and Customs Enforcement uses Palantir’s ELITE tool to draw data from the Department of Health and Human Services, including Medicaid records, to target deportation subjects. New York City Health + Hospitals declined to renew its Palantir contract, which expires in October 2026. Switzerland ended its Palantir relationship entirely over data sovereignty concerns.

Palantir UK chief Louis Mosley has pushed back against critics. “I think the BMA has chosen ideology over patient interest,” he told the Science and Technology Select Committee. He urged the government not to “give in to ideologically motivated campaigners” on the break clause.

What this means for you

If you’re a UK resident, your NHS patient data may be flowing through a system where external contractors can view it in identifiable form. Patient opt-outs under the National Data Opt-Out do not apply to the FDP, according to NHS England, because of a legal direction issued under Section 254 of the Health and Social Care Act 2012. That direction has not been published or subjected to parliamentary scrutiny.

The March 2027 break clause is the decision point. Chi Onwurah, who chairs the Science, Innovation and Technology Select Committee, has said ministers are right to explore “all options,” including withdrawal. Whether the government actually pulls the trigger depends on how much vendor lock-in Palantir has built into the system by then, and how loudly 47,000 patients and the BMA keep pushing.