For a world that is becoming increasingly worried about data protection, this news leaves a sour taste in the mouths of many people. According to a recent report from the Financial Times, National Health Service (NHS) England has approved “unlimited access” to patients’ medical data for some external staff from third-party companies, including the tech defence startup Palantir.

The company has recently received a lot of flak for helping United States Immigration and Customs Enforcement (ICE) officers track immigrants and also for helping the Pentagon coordinate targeted strikes in Iran. Back in 2023, the company won a £330 million contract to build the NHS’s new data platform. Now, some of its staff reportedly have access to identifiable patient data.

Previously, anyone working with patient data had to apply for access to specific datasets each time they needed them. Sure, it was inconvenient, but it was considered more secure.

Now, NHS England has reportedly created an “admin” role. An internal briefing note obtained by the Financial Times states that it “permits unlimited access to non-NHSE staff.” The briefing also warns there is a “risk of loss of public confidence” when it comes to “safeguarding patient data.” The same document notes that external workers requested this access because applying for permissions individually was “too inconvenient.”

There is also political pushback against the move. Martin Wrigley, a Liberal Democrat MP, said: “This somewhat cavalier attitude to data security demonstrates how this whole project does not have security by design at its heart.”

While the UK appears to be heading in this direction, the rest of Europe seems to be moving the opposite way, as the European Commission is preparing a “Tech Sovereignty Package.” The goal is to limit what US cloud giants like Microsoft, Amazon, and Google can do with sensitive data, especially medical data. The EU appears to want tighter control over foreign companies handling public-sector health data, while the UK has reportedly handed Palantir broader access to its own systems.

The NHS defended the move, saying: “The NHS has strict policies in place for managing access to patient data and carries out regular audits to ensure compliance — including monitoring the work of engineers helping to set up the central data collection platform that will track NHS performance and help improve care for patients.”

“Anyone external requiring access must have government security clearance and be approved by a member of NHS England staff at director level or above.”

A Palantir spokesperson also said, “We are designated by law as a ‘data processor’… Using the data for anything else would not only be illegal but technically impossible.”

So, here’s where things stand: the NHS says the system is secure, while its own internal memo warns of a possible public confidence crisis. Europe is considering limiting US firms’ access to sensitive health data, while Palantir staff are reportedly being granted broad access to NHS patient records.

Which side gets it right? That debate will likely continue for a long time — especially as governments become more dependent on large tech companies to run critical public systems.