England’s healthcare data management systems are currently in flux as a result of the introduction of the Federated Data Platform (FDP). The FDP is a software product supplied and managed by Palantir Technologies, which aims to bring together different datasets across the NHS.
There is currently a lack of clarity regarding how GP practice and patient data is being used in the FDP. Initially, the government stated that GP data would not be included in the FDP. However, recent developments indicate that GP data is being transferred onto the FDP by Integrated Care Boards (ICBs). There is also concern that NHS England may transfer GP data into the FDP using nationally held datasets, for example GP mandatory reporting metrics, which requires further investigation.
This article serves as a short briefing reflecting our current knowledge regarding ICB use of GP data in the FDP. It outlines recommended action to take should GP practices wish to ensure that practice Data Sharing Agreements (DSAs) with ICBs do not permit the storage, processing and analysis of GP data on Palantir’s FDP.
Concerns around Palantir’s Federated Data Platform
The British Medical Association (BMA), legal bodies, patient groups, health charities and human rights organisations have raised repeated concerns about the FDP’s data governance and privacy, the threat to patient trust in the health system, as well as ethical objections about the supplier and procurement process.
The BMA has advised members to limit their use of the platform for non-direct care purposes. More information about Palantir’s FDP, and the concerns regarding human rights, data privacy, procurement and vendor lock-in, is available in the briefing document ‘Concerns Regarding Palantir Technologies in NHS data systems‘.
Review of data sharing agreements between GPs and ICBs
DSAs between ICBs and GP practices are currently under review across the country as products of the FDP become available for ICB use, in particular the Strategic Commissioning Tool (a product developed to assist ICBs with public health management and the 10 Year Health Plan). ICBs are under pressure to adopt this tool as the government has announced the planned closure of teams of data analysts known as Commissioning Support Units.
ICB data sharing agreements
i) Where data sharing agreements between GP practice and ICB exist and are vaguely worded
Analysts at some ICBs have informed the authors that they are being instructed to load data onto the FDP without seeking explicit consent from GP practices. This is enabled by vague wording on data sharing agreements where data storage and processing methods are not directly stipulated. For example, South Yorkshire ICB has explicitly stated that it does not intend to inform patients and practices that it plans to store data from GP systems on the FDP. Instead, the ICB will ensure that patients are “informed about their rights to data privacy through established channels”.
ii) Where there are clear and explicit Data Sharing Agreements or no Data Sharing agreements exist
In order to implement certain FDP products, the ICB may need to update data sharing agreements with GP practices. This is to enable ICBs to transfer GP datasets that they lawfully hold onto the ICB’s instance of the FDP. The authors are aware that across England, ICBs are seeking to update or introduce DSAs to facilitate the transfer of patient and practice datasets from practices to the FDP.
Concerns about erosion of patient trust
Due to the lack of an effective patient opt-out for the FDP, there are concerns that the valued relationships between patients and their GPs will be harmed.
GPs, as data controllers reviewing their DSAs, can use their judgment to consider whether patients have been adequately informed of their rights and have access to suitable data privacy policies. Some Local Medical Committees are already expressing discomfort about the use of GP data within the FDP and a reluctance to allow ICBs to transfer data to the FDP. Previously, GP refusals to share data with software schemes that were felt to be harmful, such as the GPDPR scheme, have contributed to the cancellation or postponement of the scheme.
Inclusion of GP data to the FDP has not been mandated, and it is within the power of individual GP practices to make decisions regarding the flow of their practice and patient data into the FDP.
Recommended actions
As data controllers, GP practices can stipulate in their DSAs with ICBs that they do not permit the storage, processing or analysis of GP practice or patient data on the FDP and associated products include this in their DSA.
A GP practice wishing to stipulate this in their DSA can include the following wording:
- Patient records, practise datasets and any other data shared by the practice must not be stored, processed or analysed in any instance of the Federated Data Platform and its associated products.
- Any changes to the storage and analysis platforms, data use cases or data requirements for GP practice datasets will be discussed and explicitly agreed upon in writing with the practice on a case by case basis.
If you would like to discuss the points raised in this communication further or have any other points to raise, we are happy to be contacted at [email protected].
For more information about Palantir’s software, see the briefing document ‘Concerns Regarding Palantir Technologies in NHS data systems‘.
