NHS grants Palantir admin access

The NHS Federated Data Platform is supposed to be boring in the best way — plumbing for hospitals. It links messy operational data so staff can manage waiting lists, beds, discharges, and performance faster. But this week the story stopped being about dashboards and started being about raw access. NHS England confirmed that Palantir staff and other outside contractors can get an “admin” role that lets them into a part of the system holding identifiable patient data. ### What actually changed? Before this, outside workers on the platform could get into the National Data Integration Tenant only by applying for access to specific datasets. The new setup creates an admin role with broader access for a small number of external workers, including Palantir staff and consultants supporting the platform. That is the core shift — from narrow, case-by-case access to standing privileged access. (digital.nhs.uk) ### What is the National Data Integration Tenant? It is basically the sensitive staging area. NHS reporting describes the FDP as a set of separate instances that connect existing systems, while reporting on this change points to the NDIT as the repository holding patient data before it moves into pseudonymised analytics environments. In plain English — this is closer to the identifiable source material, not the safer downstream view people usually mean when they say “analytics platform.” (theregister.com) ### Why is Palantir at the center of this? Because Palantir leads the consortium running the FDP under a contract worth up to £330 million over seven years, awarded in November 2023. The platform has been politically controversial from the start, partly because Palantir is a high-profile data company with defense and government ties, and partly because NHS data governance is always sensitive. So even if the rule applies to more than Palantir, Palantir is the name that makes the argument explode. (england.nhs.uk) ### Didn’t the NHS promise tight control already? Yes — and that is why this landed so badly. NHS England’s public material says the FDP is NHS-controlled, with each organisation managing access to its own instance, and with privacy and security built into the system. A 2023 ministerial statement also stressed that the software provider would not access NHS data except under NHS direction. NHS England still says strict policies, audits, security clearance, and director-level approval apply. (theregister.com) But the awkward part is that all of those controls can be true and people can still dislike the underlying permission. ### So is this a breach? No — not from what is public. This is a governance decision, not a hack. The issue is authorized access. That sounds less dramatic, but turns out it is often the harder problem. Breach response asks, “Who broke in?” Privileged-access governance asks, “Who did we let in, to what, and why?” This story is about that second question. (digital.nhs.uk) ### Why did NHS England do it? The reporting points to convenience and operations. An internal April 2026 briefing said external workers wanted the same permissions as NHS England staff because applying for individual data access requests was too inconvenient. That is a very normal enterprise-IT pressure point — the more central a platform becomes, the more teams push for permanent admin rights so work moves faster. But healthcare data is where “faster” collides with public trust. (theregister.com) ### Why are critics so angry? Because this looks like quiet scope creep. The briefing itself flagged a risk of losing public confidence in assurances around safeguarding patient data and appropriate access. Critics are not just worried about Palantir reading records for fun — the bigger fear is precedent. Once a central health platform normalizes broad vendor admin access, oversight has to work perfectly every day, not just after a scandal. (digitalhealth.net) ### What is the bottom line? The FDP is still meant to help the NHS run better. But this week made clear that the real argument is no longer whether the platform exists. It is who gets the keys when something goes wrong, needs fixing, or just needs to move faster. In health data, that is the whole game. (theregister.com)