NHS insiders slam Palantir contract

After years of warnings about privacy, dodgy procurement and a slow ebbing away of patient trust, the NHS in England announced on Tuesday it had offered a £330 million contract for a major data platform to a group led by U.S. spytech firm Palantir. 

There’s little question that NHS data does need reorganising. Made up of hundreds of hospital trusts, dozens of commissioning boards and countless other clinical and administrative bodies, the NHS and the records it holds on all of us are highly disjointed. A “Federated Data Platform”, or FDP, will seek to connect various datasets to give hospital organisations and local commissioners information in a more complete and timely manner. If successful, it  will help the NHS manage its growing waiting lists and beleaguered emergency services.

In practice, virtually every aspect of the deal has raised concerns - from the procurement process to the implications of pouring health data - reams and reams of personal information, as intimate as it is lucrative - into a platform built by a company better known for helping the U.S. government hunt immigrants for deportation and using AI to help target aerial drones.

If it wasn’t bad enough already that Palantir is known as a spytech firm, its outspoken co-founder Peter Thiel has also been a  vocal critic of the NHS, once suggesting England should “rip the whole thing from the ground and start over.” 

The company, of which Thiel is no longer on the board, has distanced itself from this kind of comment. But that won’t stop many critics from seeing Palantir as a shadowy firm with nefarious designs on the NHS and its vast, valuable data stores.

And some also ask if, like so many NHS England tech programmes that came before it, is it simply destined to become another white elephant?

How did we get here? 

Palantir’s relationship with the NHS began as a flirtation: Dinner and cocktails (yes, quite literally) resulted in a charming little £1 contract for its “Foundry” software. A platform that would help analyse various data about the pandemic.

As the months went on, deals grew in both length and number. Soon, Palantir was helping the NHS track everything from stocks of personal protective equipment to mortality rates and COVID-19 testing.

“Some experts fear that, however limited the FDP is initially, it could still ultimately see the firm get closer to more and more data.”

Sometimes the quality of the firm’s work was criticised by the NHS staff who had to use it, as I reported for Health Service Journal (HSJ) back in 2020. But ministers seemed to like the firm, and public bodies carried on investing. Public spend with Palantir grew from £1 to tens of millions as its Foundry platform expanded. 

The firm’s relationship with government blossomed as more and more organisations signed up for data analytics contracts. Some of these deals went through open procurement. Some of them didn’t, like the extensions to that first Foundry contract.

Earlier this year, Palantir was handed a £25 million contract to “transition” its Foundry tech to the new FDP, before “exiting” to make way for the open, competitive procurement that would ultimately lead to this week’s deal: a fully-fledged engagement.

But in the end, the makers of Foundry 1.0 have also won this latest contract, paving the way for Foundry 2.0. 

Assuming no significant legal objections are brought, the FDP contract should be finalised and signed within the next week and a half or so.

Protecting the most intimate data

As physician and data science expert Ben Goldacre noted last year in a review on safe data use, the NHS has records of tens of millions of people stretching from the cradle to the grave. That’s an incredibly rich — and personal — dataset.

The FDP — different versions of which will be available at trust, integrated care system and national level — will not include all of an individual’s health data. The national version won’t have GP records, for example. But it will collect hospital data, much of which is patient-related. 

And integrated care systems may agree local deals to “ingest” primary care data for the purposes of “local population health planning and management,” an NHS spokesperson told The Register in June.

Analysing sensitive health data, Goldacre wrote, “is an extremely serious undertaking whose gravity must never be under-estimated, if the NHS is to maintain trust and active enthusiasm from patients and the public.”

NHS England has already said that Palantir won’t be able to access its data without its permission. That the firm will be responsible for the FDP’s infrastructure and not its content. 

Some experts fear that, however limited the FDP is initially, it could still ultimately see the firm get closer to more and more data.

To begin with, it seems like the platform will focus on “vacancy data and planning, rather than the detailed health of individuals,” says James Davenport, Hebron & Medlock Professor of Information Technology at the University of Bath. “The main threat here is what the military call ‘mission creep’, as Palantir etc, say ‘we could do a better job if we had access to a bit more data.’”

Regardless of the firm’s actual reach or intentions, experts also fear a lack of public trust in the FDP will undermine health research more generally, as it may encourage people to “opt-out” of sharing their NHS health data altogether.

“Confidential patient data” is that which includes information about your identity (like your name), and some detail about your health care (like a test result). 

You cannot “opt out” of data-sharing for the purposes of direct care. You can’t stop your GP from looking at your medical records while they try to diagnose you, for example, nor can you stop clinicians at a hospital discussing how to treat you.

You can, however, choose to prevent the use of confidential data for both research and the planning of health services. Academics, drug companies and royal colleges can ask the NHS for this data, for example.

When significant numbers of patients opt-out of sharing data, it can limit the scope and quality of research studies that rely on it. Patchy data also means health leaders have a poorer understanding of the populations their organisations serve, potentially leading to worse resource management. And this is felt all the more acutely for groups already poorly-represented in NHS data. 

“The more capacity it takes to implement the FDP, the harder overstretched trust staff will find it to use, and the fewer benefits will be reaped.”

For now, there are no explicit plans to use the FDP for either research or planning. But patients may still fear their data will eventually be used in such a way, and may “opt out” of sharing anyway. The Palantir deal may undermine their trust in the NHS to control their data altogether.

To its credit, NHS England has announced a public engagement programme to find out more how people feel about the FDP and other tech projects. But the two-year scheme of events and engagement won’t end until 2025. By then, it will be too late for the public to say no to Palantir.

Sam Smith, from pressure group MedConfidential, told The Lead NHS England is already failing to communicate clearly with members of the public about their opt-out rights.

As recently as 18th November, the FDP’s FAQ page said patients could not opt out of sharing data with the platform, as it’s used for direct patient care. 

But load it now, and it no longer simply says “no”. Instead, it says that the platform will not initially process identifiable data for reasons other than direct care.

Should this change in the future, the FAQ page says, the public will be properly consulted, and existing patient opt-outs will be respected.

“There's no clarity here. Are they going to change the text back to ‘no’ tomorrow? I'm not sure they can,’ Smith tells The Lead. ‘How did they get it so wrong that for the six months this FAQ has been up? And if that's gone wrong in the public FAQ, what else has gone wrong that they haven't told anybody about yet?”

NHS England said the text had been changed following consultation with various stakeholders and its internal legal team, to make it “crystal clear to people the cases in which opt out didn’t apply and had no impact on FDP, such as use of data for direct care.”

A question of value

It’s not just members of the public that need to trust Palantir. Organisations like hospital trusts and integrated care boards need to see value in the FDP before they will invest the time it takes to implement it in their systems.

But it hasn’t got off to the best start.

As of March, some 11 trusts piloting a nascent version of the FDP had paused or suspended using it. Between 26 and 37 have been trialling the tech, depending on whether you ask ministers or NHS England. At Milton Keynes University Hospitals Trust, staff told The New York Times they had had to manually ply the software with data because it didn’t cooperate with the organisation’s existing patient management software.        

This perhaps doesn’t chime with the image Palantir projects of steely, all-seeing competence. But for the procurement staff that saw the company’s PPE-tracking efforts play out during the pandemic, it might not be such a surprise.

At the height of the PPE crisis, already-overburdened staff were asked to supply daily stock data to Palantir’s Foundry via a Google Form. Initially criticised for asking for data that was too high-level to be useful (think ‘how many FFP3 masks do you have?” rather than “how many FFP3 masks do you have that actually fit your staff?”), insiders told The Lead it took months to make changes that should have taken hours. Meanwhile, other established tracking systems were already being used for similar purposes by numerous trusts.

The more capacity it takes to implement the FDP, the harder overstretched trust staff will find it to use, and the fewer benefits will be reaped.

And as an HSJ investigation revealed this week, just eight of the 36 pilot trusts reported seeing any benefits when asked. Those that did said it had improved their theatre utilisation and, in one case, helped speed up discharges.

White elephant or glorified spreadsheet?

Some procurement insiders fear the FDP could end up as another white elephant for NHS England.

At £330 million over seven years, it’s actually a relatively cheap investment. The organisation says around £25m will be spent in year one, leaving around £50m a year for the rest of the contract. That’s roughly 0.2% of the NHS’s total resource budget of £168.8 billion. 

Similarly for Palantir, currently valued at $42 billion, it’s a pittance.

And rather than being a bargain, this might be a case of you get only what you pay for. 

Speaking to The Lead, one procurement source questioned whether the FDP would just end up being a glorified spreadsheet. “Have they actually just bought Excel? And now you have to populate it with things and you have to create pivot tables before you get any value?” 

Alternatively, they suggested, it could be a gateway to more investments and tech deals for Palantir and other suppliers. If proper procurement rules are followed, that’s not necessarily a problem. But sprawling tech projects that spiral out of control are something the NHS has a worrisome history of.

Take the failed “National Programme for IT” — a top-down multi-billion-pound scheme to introduce electronic records systems and health informatics across the NHS. Could the FDP end up as something similar, “where hundreds of millions of pounds appear in a contract… and because the programme's so big, nobody really has a handle on what's actually going on and being delivered?” asked the source.

“Before you realise it, £350 million or whatever the value of the contract is spent. And then all of a sudden, we need some more money.”

For now, it’s far too early to say for sure if this is another budget drain that ultimately produces a white elephant. And for what it’s worth, Ben Goldacre said in his review that creating a national data analytics platform and workforce could cost about the same as digitising one hospital — something that often costs hundreds of millions. But he also suggested “creating teams and ideally institutions” to do so, not buying a third party platform from a U.S. spytech firm.

What is certain is that if the NHS wants to make the FDP work, it needs to get both the public and the organisations that serve them on board, says Cori Crider, director of the digital rights campaign group Foxglove.

“There’s so much we still don’t know about the FDP. Will it work? Nearly a third of hospital trials of Palantir’s kit this year seem to have failed, and we still don’t know why. If this system isn’t useful to frontline doctors, it risks becoming a half-billion-pound flop,” she says. “The FDP will also fail, unless government urgently moves to close the trust gap.”

And why have these kinds of projects failed before? In the end, it always comes down to the same thing, she says. “Because people didn’t trust officials to protect their health records.”