back to article UK's National Health Service will roll existing Palantir work into patient data platform

Documents from NHS England show services provided by Palantir – which began in the COVID-19 emergency – will become part of the controversial £360 million ($429 million) Federated Data Platform, a move critics argue gives the US spy-tech biz an unfair advantage in the competition. Palantir has made the project a "must win" …

  1. Anonymous Coward
    Anonymous Coward

    >Does spy-tech supplier have a head start in bidding for the controversial deal it considers a 'must win'?

    A head start? They've designed the course, picked the date, selected the runners, hobbled the competition and bought out a brace of the judges.

  2. alain williams Silver badge

    Whoever wins the contract ...

    must be entirely UK owned, run, controlled, ... otherwise our personal data will just run overseas for profit and political (mis)use. Unfortunately I doubt that this condition will be imposed.

    Having clauses in the contract to prevent misuse will not stop it. The USA especially has crap data protection laws and USA Freedom Act (son of Patriot Act).

    However: I fully expect that my personal data to be exfiltrated by Plantir and some lame excuse/apology made as response to a scandal in a few years time.

    1. Anonymous Coward
      Anonymous Coward

      Re: Whoever wins the contract ...

      Since we don't get an opt out; is there a petition up yet..?

      1. Anonymous Coward
        Anonymous Coward

        Re: Whoever wins the contract ...

        Yes!!

        Link: https://nopalantir.org.uk/

        1. Anonymous Coward
          Anonymous Coward

          Re: Whoever wins the contract ...

          It's ironic that this petition has an option to share it on Facebook.

    2. Anonymous Coward
      Anonymous Coward

      Re: Whoever wins the contract ...

      That's the idea, it's like prism.

      NHS can't sell your data so planitar take it to USA and sell it to UK (insurance) companies from there. All legal and above board. Then everyone finds out. Couple of complaints then carry on.

    3. BOFH in Training

      Re: Whoever wins the contract ...

      Don't forget the slap on the wrist when this happens.

      1. Anonymous Coward
        Anonymous Coward

        Re: Whoever wins the contract ...

        I'm sure ICO have already prepared their statement. No, silly, it's the same template, just fill in blanks...

        1. Anonymous Coward
          Anonymous Coward

          Re: Whoever wins the contract ...

          > I'm sure ICO have already prepared their statement.

          > No, silly, it's the same template, just fill in blanks...

          I find it interested and strange that ICO appear to have made no public comment on the BMA's recently objections to NHS England instructing the 2 main GP Patient Records Systems providers to share GP records with a central system in breach of Data Protection law.

          To quote from BMA's 25 October letter to GPs ("https://www.bma.org.uk/media/6330/bma-accelerated-access-to-gp-25-oct-2022.pdf"):

          "Under the Data Protection Act (DPA) 2018 GPs are the Data Controllers for their patients’ records (current and previous). The GP system suppliers, via the CCG/ICB Practice IT agreement are their Data Processors. Under DPA 2018 Data Processors cannot be instructed by anyone other than their Data Controller to change record access settings. It is therefore unclear on what legal basis NHSEI will be relying to direct the suppliers to turn on this functionality."

          The BMA also provided a template letter for GP Practices to send to the vendors reminding them of their legal obligations as Data Processors:

          "We would view your ignoring this instruction as a breach of the data controller and processor relationship. We view the interference by other agencies as acting ultra vires and inconsistent with data protection law."

          As almost one month has passed since the BMA's statement I would have expected the ICO to have issued some form of statement/clarification by now, however no sign of anything relating to that on their website.

          Meanwhile today the Information Commissioner found the time to gave a waffling speech at a conference: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/11/how-the-ico-enforces-a-new-strategic-approach-to-regulatory-action/

    4. Anonymous Coward
      Anonymous Coward

      Re: Whoever wins the contract ...

      >must be entirely UK owned, run, controlled, ... otherwise our personal data will just run overseas for profit

      you should be caring a lot less about this kind of thing - because it's *probably* not going to happen - and a lot more about the cast-iron fact that the NHS are planning to shovel four hundred million quid to a company with no track record in health & social care, and are planning to do so with no business case, governance, oversight or safeguards of public funds

    5. Anonymous Coward
      Anonymous Coward

      Re: Whoever wins the contract ...

      must - says who? Certainly not those who decide musts and mustnots :(

  3. Will Godfrey Silver badge
    Unhappy

    Quality of service

    Treatment for us proles will drop through the floor, while the entitled ones will get all the benfits.

  4. Peter Galbavy

    If the data is worth that much, even if it's feasible to actually anonymise it (which it is not), then why - apart from corruption and cronyism - is not the NHS or the government selling it directly for the income?

    Oh, yeah, sorry - I said corruption and cronyism, didn't I?

    1. Anonymous Coward
      Anonymous Coward

      They already do. External organisations (primarily researchers) can request access to NHS datasets via NHSD's DARS. These requests are done on a pseudo-commercial basis and the charges may be viewed here: https://digital.nhs.uk/services/data-access-request-service-dars/data-access-request-service-dars-charges

      Historically these datasets were produced as by-hand extracts and delivered over FTP or similar. Increasingly access is instead granted to an air-gapped Trusted Research Environment (run & owned by NHSD) where researchers are granted in-place, exclusive access to redacted subsets of data that match their request with additional anonymisation techniques applied, in addition to a set of pre-approved, pre-integrated data analysis tools and libraries. This eliminates the risk of data exfiltration, maximises researcher productivity and minimises the amount of time NHSD spend prepping and delivering extracts.

      This has all been built in-house by NHSD leveraging a healthy mix of open source and vendor-supplied components. Any narrative told about the Federated Data Platform being necessary for the NHS and our broader health sector to get value from our data is complete fucking nonsense.

      1. cyberdemon Silver badge
        Coffee/keyboard

        This eliminates the risk of data exfiltration..

        See icon.

        Air-gapped, my foot.

        I run an air-gapped network at home - between my laptop and my wi-fi router.

        And how do the "customers" get their reports? Dot-matrix fan-fold? Or do they pay extra to bring in their 4TB NVMe thumb-drive and download the lot so they can de-anonymise it at their leisure ?

        To say that this "eliminates the risk of data exfiltration" is just nonsense.. "Minimises" is even doubtful. "Reduces" would be the honest description.

        Even the AWE can't operate a truly air-gapped network, so I'm told.

        1. Anonymous Coward
          Anonymous Coward

          Re: This eliminates the risk of data exfiltration..

          >And how do the "customers" get their reports?

          Through privately routed VDIs. There's obviously supporting bits for governed data in/data out when appropriate, but otherwise no external network access. It's as air-gapped as you're going to get. In particular the data platform itself has no external connectivity. You'll have to forgive me for not giving you a detailed run-through of the architecture in a commentard post, but if you'd like to know more then as a public service run by the public sector for the public good, you can access its documentation here: https://digital.nhs.uk/coronavirus/coronavirus-data-services-updates/trusted-research-environment-service-for-england

    2. Anonymous Coward
      Anonymous Coward

      As someone who works in the NHS, it's two reasons:

      - Complexity. People still think "the NHS" is a thing. It isn't, it's essentially a collection of tens of thousands of franchises with their own baggage of legacy technical, skills, contractual obligation, data quality issues, that have historically been told to compete with each other.

      - Public money. Ultimately the paradox is the NHS is paid for with public money and has certain obligations a private company doesn't have. On the whole this is overwhelmingly a good thing, but means doing things like "selling data for money" is a much much harder and lengthier process than normal (even buying common equipment is surprisingly difficult and lengthy)

      (Off-subject, I'm very much not in the mainstream with this opinion, but personally I think the best way forward at this point is for the UK gov to outright buy one of the major EPR producers (as in, including dev staff), and develop/maintain their own national solution. It's madness to keep paying astronomical implementation/support costs to a myriad of US industries and not improve the state of UK health data holistically)

  5. Evil Auditor Silver badge

    Also true here: if it's free, you are not the customer, you are the product being traded. And yes, £1 for a data platform is free.

    1. Rosie Davies

      The NHS is not free. It's paid for by the public to deliver a public good. Personally I feel it to be a Damn Fine Idea(tm).

      Except for those bits of the public that pay expensive accountants to stop them having to contribute, obvs.

      Rosie

      1. Evil Auditor Silver badge

        I've never considered the NHS to be free. My comment was about the £1 offer from Palantir.

      2. Anonymous Coward
        Anonymous Coward

        Though it seems that NHS Scotland wants to introduce a two-tier, paid-for service:

        https://www.bbc.co.uk/news/uk-scotland-63659754

        So pay for it in taxes, the pay for it again if you are rich enough (and how rich is rich enough? Or rather, how poor is poor enough not be charged twice?)

        1. Anonymous Coward
          Anonymous Coward

          first they came for the rich

          you're next.

          then you.

      3. 43300 Silver badge

        It's a good idea in many ways, but the model simply doesn't work - it's become a bloated, wasteful behemoth wit little accountability. It needs breaking up and the service delivered via an alternative model (plenty of successful ones in Europe to model it on).

        Unfortuantely it's a national religion these days and any criticism of the NHS is regarded by some as blasphemy. Such people also seem to think that the only possible other model is the US system - which is probably the only 'western' country which has an even more dysfunctional health system than the UK.

      4. Anonymous Coward
        Anonymous Coward

        paid for by the public to deliver a public good

        I feel like a Putin's troll by saying this, but I have an impression that the idea or rather, the result of health services, 'paid for by the public to deliver a public good', looks currently, overall, like a badly leaking ship, and not only in the UK, but in a few other European countries I care to... track, all of them considered 1st world, no Dustystans and such ‘funny places’. Likewise other public services, education, housing, public transport (fine, public transport is anything but - the name). Or is it that these 'free' services have always an unplanned love child you have to live with, you didn't abort, now can't just kill it off cause like, humanity and stuff, and if we can't have real communism, how about a few bits to make us feel we’ve made some progress since mid-1880s? But then, life's tough, another economic disaster after the one of 2009, how time flies, and we're 'only' trying to recoup our lifelong costs by extracting some blood from the poor nhs cripple, no harm done, and bone marrow, poor thing, can't walk anyway, and you know, every little helps, what’s wrong with some data, no harm done, all for scientific progress, eternal health, etc., and you know how much it costs to employ those boffins, eh?

        I just have an impression that since I started paying attention (around 1990, I guess), every sector of these public services in these countries, including in the UK, has been in regular / permanent / deep / fundamental / structural / existential downfall. Have they always been poor and stay poor, i.e. firmly stuck at the bottom, rusting quietly, or do they really dig into the bedrock trying to prove the bottom is where we decide it is? Or are our expectations just higher, or maybe too high? Since, clearly, a 1st world country can't find enough revenue to cover the expenditure of those - apparently - essential - public services?

        OK, end of rant, time to collect my 5 roubles' worth, today's sponsor is a bargain-basement Iranian-designed, Zhejiang-assembled, flak jacket maker Thunderfuck.

  6. Anonymous Coward
    Anonymous Coward

    Some History Needed In This El Reg Piece....Really!!!

    Problems:

    (1) Palantir

    (2) GDPR.....seems it does not apply in this case

    (3) "Pseudonomysation".....does not work!! Surprise!!!!

    Link (item #1): https://www.bloomberg.com/features/2018-palantir-peter-thiel/

    Link (item #2): https://www.computerweekly.com/news/252482365/Privacy-International-puts-Palantir-in-the-dock-for-NHS-data-analysis-work

    Link (item #3): https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds

    .....and still NOTHING is being done to stop this huge, probably illegal, privacy-breaking slurp!!!!

    1. Anonymous Coward
      Anonymous Coward

      Re: Some History Needed In This El Reg Piece....Really!!!

      re. NOTHING is being done, but once the deed / deal is done... it's a done. And, in a few years, you might, just might, hear some mumble-mumble guess-you-might-considered-it's-enforced-apology from some poor (...) forced to make this public statement. This is, of course, if the same conservative lot stay in power. While those on the decision-making level of the the gov side miraculously will have migrated to various other, well-paid no-jobs, quite possibly within the 'health data industry'. With the new Labour lot... well, they will cheerfully say: nothing to do with us, blame those horrible, horrible conservatives! But we want to reassure the public that we're doing everything possible to investigate, and to this effect we decided to set up a commitee / review board / inquiry / charitable fund / ministry department / all of them at once, to investigate this further, speak to you in 10 years time!!!

  7. Anonymous Coward
    Anonymous Coward

    (Once again, I am the same person who mentioned I already knew about Palantir things.)

    > Among three key concessions, the government said it would not offer companies like Palantir a long-term NHS role without consulting the public.

    This is not a concession. It will cost too much to redo things. Why is this not just being built, less shinily, but in the open, as and with (mostly) open source software? This is a spending of public money - it should go towards the public good.

    1. Dasein
      Linux

      Publically funded & publically sourced, I like the sound of that.

  8. Anonymous Coward
    Anonymous Coward

    I'm glad the US now has access to my health records

    I'm sure they won't misuse it for their own ends - after all - the West does collectively stand for the rule of law, freedom, democracy and all that other mighty fine stuff!

    Don't worry about the WMD issue in Iraq etc - it's all for the greater good - weaker countries must be eliminated to ensure only the most virile and successful regimes flourish

  9. SloppyJesse

    "enable NHS decision makers to best plan use of resources and improve patient care."

    Did you mean "Identify the bits that might be profitable for healthcare companies to lobby government for more public-private partnerships[1]"

    [1] because privatisation is so 1980s

    1. Anonymous Coward
      Anonymous Coward

      essentially, yes. Obviously, they still perceive 'improving patient care' can be done by further privatisation. Instead of the original idea of PPPs to remove public inefficienty / wastage, because private is lean and mean, they allow lean and mean to grow fat on public inefficiency / wastage. It's cancer, it's growing, and it keeps getting fed.

  10. Eclectic Man Silver badge
    Flame

    "Must Win"

    I really hate the management concept of a "must win" contract. OK, so if they have literally 'bet the business' on the win, then they may have a point (although whether they should have bet their business on it is another matter). My personal experience of 'must win' bids is entirely awful. A board level director has decided that for some reason we have to win this specific bit of business. The sales team, the bid manager, the accountants and all of the non-technical people are motivated by promises of bonus on win or opprobrium if lost. BUT the management will not listen to any caution, or arguments about why we should perhaps be more careful or maybe even assess the potential work in the light of discovery even from their technical experts. Once you set a bid as 'must win' you give all the power to the client who can dictate terms.

    One 'must win' bid which we lost went to a competitor. The entire bid team was relieved to have 'lost' as we'd not have made any money and the client was basically trying to outsource their many problems. The 'winner' was held in breach of contract after 3 months and walked away a few weeks after that.

    And people wonder why people like me cannot be induced back to work. If I had some experience of good (rather than occasionally adequate) management, instead of the frankly idiotic and sometimes downright appalling and bullying management I might be interested.

    Sorry to be so negative, but I've had my fill of meaningless management speak which often leads to much anguish and pain for us plebs.

    Right I'm off out to let off some steam.

  11. Tron Silver badge

    One database to rule them all.

    DNA from covid tests, Photo ID from biometric 2FA, linked by NHS and NI numbers. And everything/everyone trackable, 24/7/365.

  12. Anonymous Coward
    Anonymous Coward

    first they took the NHS

    but I wasn't worried, because I couldn't get through to my surgery

    ...

    but why, my friend, all you have to do is register your details... here, and your consents here, here and here, and you're all set. Easy!

  13. TimMaher Silver badge
    Trollface

    Covid

    Wasn’t that caused by eating a Palantir? Or was it a pangolin?

  14. Anonymous Coward
    Anonymous Coward

    Easy

    Just never get sick.

    [Troll]

  15. Anonymous Coward
    Anonymous Coward

    Palantir is not so evil afterall

    I believe you all need to have a better understanding in what they do. They are just a software company that manages the data. Data is stored in UK and used by your GP.

    From my non IT-view, they help to organize large set of data and make sense for the user. In which the user is the GP, UK residents.

    How does this software company go into selling data for insurance company - maybe can share any link? You can sue them and make huge money if they are caught selling data to third party.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like