NHS data, Palantir & the reintroduced data protection bill

NHS hospitals to share data with Ai-driven US tech company.

According to two reports from openDemocracy and The Times, Julian Kelly, the Chief Financial Officer for NHS England sent a letter last month ordering hundreds of NHS hospitals to share patient data to Palantirs’ Ai-driven system by the end of March.

OpenDemocracy report that “The new database, called ‘Faster Data Flows’, collects daily information about hospital patients – including their dates of birth, postcodes and detailed medical histories”.

Palantirs ‘Faster Data Flows’ (FDF) is an AI-driven platform that processes data and supposedly “supports decision-making” by doctors. Palantir is considered a front runner, with its’ strong AI offering, for the £480M NHS IT project that expects to build a data lake that is envisaged to hold all health information from the NHS, including GP and social care records.

Concerns have been raised that the FDF system will give Palantir an incumbent advantage for this £480M tender process. Where significant taxpayer money will already have been invested, NHS trusts will not have the funds to redo work to integrate with any other system, so the bid will be ‘rigged’ as it would be cheaper to keep going with the Palantir FDF system.

Two key points openDemocracy brought to our attention; NHS England told openDemocracy “it would alter or remove identifiable personal information before it was passed to Palantir”, a process which should consist of “pseudonymisation”. Also, Palantir insisted that it does not have access to any “identifiable medical records”.
But an NHS document obtained by openDemocracy admits that the company will “collect and process confidential patient information”. It is not clear what, precisely, this processing entails.

Under current GDPR laws, Ai and automated decision-making has to be governed by strict rules. Both the UK ICO1 & the EU EDPB2 have issued studies and guidance on these matters.

However, with the reintroduction of the data protection bill into the UK parliament, it is clear that the UK government’s strong emphasis on reducing data protection rights for ‘research’ and ‘development’ could be timed to introduce such systems from Palantir.

So let me leave you with this thought for your day; much has been made in media outlets of the intrusive data sharing with foreign governments from apps such as TikTok, lest we forget that the special categories of data we refer to in this article could now be shared with the introduction of a system like Palantir’s FDF and because of the failure of agreements like Privacy shield and the existence of the USAs CLOUD act, just think with the reintroduction of new measures in the UK 2023 data protection bill, you will have no right to opt-out or restrict your medical information being shared.

1 https://ico.org.uk/for-organisations/guide-to-data-protection/key-dp-themes/guidance-on-ai-and-data-protection/
2https://www.europarl.europa.eu/RegData/etudes/STUD/2020/641530/EPRS_STU(2020)641530_EN.pdf