Even critical paragraphs on how NHS patients’ personal data will be handled have been blacked out.
As NC readers may recall, the UK government in November announced its decision, presumably made months, if not years, earlier, to hand the management of NHS England’s Federated Data Platform to Palantir, a tech company whose client list includes the US military, intelligence agencies and ICE, and which is currently providing technical and moral support to Israel’s myriad war crimes in Gaza. Just over a year ago, Palantir’s Chairman, Peter Thiel, told the University of Oxford Union:
“Highways create traffic jams, welfare creates poverty, schools make people dumb and the NHS makes people sick.”
Needless to say, the deal, even by the low standards upheld by today’s public-private partnerships, is controversial, and was awarded despite a promise in 2021 by the UK government that it would not enter into any new contracts with Palantir without consulting the public first. The contract for the deal was published on December 21, together with a contract signed with US health information technology giant IQVIA to provide “Privacy Enhancing Technology” for the Federated Data Platform.
Both the government and Palantir have insisted that the privacy of NHS patients will be respected and protected, and that their health data will not be sold onto third parties. Yet almost three-quarters of the text of the contract, including, ironically, almost entire sections relating to data protection and privacy, has been redacted. In other words, there is no way for NHS patients or doctors to know what has been agreed to. In total, 417 of the contract’s 586 pages, including critical paragraphs on how patients’ personal data will be handled, have been blacked out, according to the not-for-profit Good Law Project:
Remember Palantir’s heavily redacted contract with the NHS?
We’re taking legal action to find out what’s behind the black boxes.https://t.co/soEey4LNsb pic.twitter.com/K8Kdwiy88L
— Good Law Project (@GoodLawProject) February 18, 2024
“Not Just… Unacceptable, But Unlawful”
In response, the Good Law Project has sued the UK government in a bid to “uncover Palantir’s blanked out contract.” From its pre-action letter:
Transparency and accountability of public service delivery data and information builds public trust and confidence in public services. It enables citizens to see how taxpayers’ money is being spent; and allows the performance of public services to be independently scrutinised. It also supports the functioning of competitive, innovative and open markets by providing all businesses with information about public sector purchasing and service providers’ performance.
We think this is not just completely unacceptable, but unlawful. Government policy requires public bodies to give reasons when contracts are redacted, but despite the massive scale of the redactions in Palantir’s contract no reasons have been given.
The pre-action letter also raises about the contract the NHS has signed with IQVIA:
Around three-quarters of IQVIA’s contract is also completely redacted. This includes a section on the protection of personal data – precisely the issue IQVIA is being brought on board to address – so we’re challenging the NHS over this as well.
What makes this all the more concerning is the power imbalance between the NHS and IQVIA uncovered by the doctor and academic Ben Goldacre in 2020. According to Goldacre, IQVIA is free to collect and aggregate NHS hospital data and sell it to the pharmaceutical industry, but it can restrict NHS access to this collated data and its ability to share it with UK regulatory bodies.
With the upcoming launch of the Federated Data Platform, NHS England says it’s committed to “being transparent” around patient data. But these obliterated contracts show it hasn’t delivered on this promise.
Growing Public Backlash
News of the ruthless redaction of the contract’s 586 pages is unlikely to bolster trust in a deal that already faces widespread suspicion and hostility from NHS patients and practitioners. Dozens of civil society groups have kicked up a storm about the prospect of so much highly sensitive personal data being handled by one US company, especially one so deeply embedded in the rapidly emerging mass surveillance industry, and the government already faces a lawsuit challenging the legality of the deal.
“Is Palantir really the kind of company we want at the very heart of the National Health Service?” asks Cori Crider, director of Foxglove, a campaign group dedicated to challenging the excesses of tech giants. “This is a company who, at the start of the pandemic, had no track record of working with healthcare staff. They’re not a healthcare company. They weren’t a health data company. They were essentially a tech company who supported spies, police, the military and border forces.”
Just before the deal was announced in mid-November, the Doctors Association UK (DAUK) sent a letter urging the government not to hand the deal to Palantir. The letter was signed by 149 physicians, including Sir Richard Thompson, former chair of the Royal College of Physicians and Dr Helen Salisbury, a GP and member of the BMA board. Below are a few choice excerpts, though the letter is worth reading in full, especially for UK-based readers:
We understand you are due to sign a £480 million contract with Palantir for the Federated Data Platform (FDP). This would be the largest NHS data centralisation project in history. Many of us have worked in the NHS long enough to witness previous, expensive NHS IT projects – from Care Data to General Practice Data for Planning and Research (GPDPR) – fail. These projects failed because of patient distrust. We urge you to take immediate action to prevent history repeating itself…
1. Ensure patient trust – seek patient consent. The FDP can only succeed if it maintains public trust in the health service by ensuring patients have a say in how their data flows into it and is used within it. We are concerned by recent flip flopping about whether patients can opt out of sharing data in the FDP for uses beyond their direct care. Health ministers initially said reforms to patient choice and clarity around the application of opt-out within FDP was a high priority for NHS England. The FDP FAQ on the NHS website originally said the National Data Opt Out (NDOO) would apply to relevant data in the FDP. It was later updated to say patients cannot opt out of sharing their health data with the FDP at all, even for uses beyond their care. The FAQ says this is because patient data will go through an ‘anonymisation’ process. However, given the data in a patient’s NHS record is incredibly detailed, we are concerned it could be re-identifiable even after anonymisation.
Polling from YouGov… is a good temperature check on these plans. It found that almost half of adults in England who have not yet opted out are likely to do so should the Federated Data Platform be introduced and run by a private company. That would be disastrous for the NHS.
2. Ensure patient trust – choose a trusted partner. We urge you to consider whether Palantir is the most suitable, trustworthy and fairly procured supplier for the FDP… Palantir has a controversial reputation and has been heavily criticised for its work. with military, security, intelligence, and police agencies…
Palantir’s leaders have made public remarks that alarm us. Palantir chair Peter Thiel told the Oxford University Union that British love for the NHS was “Stockholm Syndrome” adding: “In theory, you just rip the whole thing from the ground and start over”. Last Sunday, Palantir’s CEO Alex Karp told the BBC, when asked whether data in the FDP could be sold in the future: “by the UK government, not by me. I don’t have the ability to do it”.
Nick here: Coincidentally, as we reported a few weeks ago, Tony Blair, who during his time as prime minister burdened the NHS with crippling, extortionate PFI loans, has been calling for the NHS to sell off its patients’ health data, “to fund cutting-edge treatments” and raise much-needed money for the health system. As I noted in that piece, what Blair is proposing is almost certainly a rotten deal for NHS patients but it could further enrich the principal donor to his TBI foundation, Larry Ellison, the owner of tech giant Oracle, which is trying to become the world’s most important online medical data company using its cloud technology.
Now, back to DAUK’s letter:
The design of the FDP procurement process appears to give an unfair advantage to Palantir. 36 NHS trusts were enrolled in pilots of Palantir’s Foundry software that serve as test runs for the FDP. No other bidder, such as Quantexa and a UK consortium, had such an opportunity to test its systems in NHS hospitals. It seems they have struggled to compete against Palantir’s advantage.
Palantir’s controversial reputation and any perception of their unfair advantage in the procurement process could lead patients to withhold critical information and to mistrust the NHS. We urge you to consider a more trustworthy supplier and review the procurement…
3. Ensure value for money, benefit for the NHS and sign a contract for a system that works. We have concerns about value for money, benefit to the NHS and effectiveness of the FDP. Please address these concerns during a pause. Of the pilots that ran, 11 of the 36 were suspended or paused in March. According to the FDP FAQ webpage, only one has restarted. We are concerned that such a large amount of money could be spent on a product that seems to have failed in approximately one third of its test cases.
Colleagues at some of the pilot trusts reported troubling details about the pilots. Liverpool Heart and Chest Hospital reported that the Palantir pilot: “didn’t meet our needs”. The New York Times reported that Palantir’s Foundry at Milton Keynes University Hospital Trust, didn’t work with the hospital’s systems, forcing staff to enter data manually.
Lastly, we understand that the directors from pilot trusts were recently asked by NHS executives to sign a letter supporting the FDP. Only 16 officials signed, suggesting most trusts who trialled Foundry did not feel able to endorse the FDP.
Is the Palantir Contract Even Legal?
Serious questions are being raised not just about the legality of the government’s heavy-handed redaction of the NHS’ contract with Palantir, but of the contract itself. In late November, four groups, including Foxglove, brought a lawsuit against the government claiming that the NHS’ Federated Data Platform, which facilitates the sharing of information, has no basis in law. From The Guardian:
[T]his may be the first in a series of legal actions prompted by fears that the FDP could lead to breaches of sensitive patient health information, and to data ultimately being sold.
Rosa Curling, director of Foxglove, a campaign group that monitors big tech and which is co-ordinating the lawsuit, said: “The government has gambled £330m on overhauling how NHS data is handled but bizarrely seems to have left off the bit where they make sure their system is lawful.
“You can’t just massively expand access to confidential patient data without making sure you also follow the law.”
Ministers must get parliamentary approval for the FDP before it proceeds, in order for it to be lawful, she added. “Government must go back to parliament to set proper rules for the sharing of data in this system. Until they do they’re breaking the law. Until they are crystal clear about how they will honour patients’ right to opt out, they are on a crash course with the public.”
The problem here is that the current occupants of the House of Commons do not tend to represent the public interest on this or indeed many other issues of general import, so even on the chance the issue did go back to parliament, there is nothing to say it wouldn’t pass with ease, especially given the current state of His Majesty’s Opposition.
The Labour Party’s Shadow Health Secretary Wes Streeting recently declared he would “hold the door wide open” to the NHS for the private sector if his party won the general election (h/t Colonel Smithers). Last week, the Finance Times reported that “investors are optimistic that a Labour government would ‘kick-start’ opportunities for greater private sector involvement in the NHS including more outsourcing of operations and greater use of technology,” as if that is what has been lacking during 14 years of Tory rule.