back to article KPMG bags £8.5M NHS gig as cheerleader for Federated Data Platform rollout

The UK's health department has awarded global consultancy KPMG an £8.5 million ($10.5 million) contract to help implement the controversial Federated Data Platform (FDP) at a local level. NHS England, an executive non-departmental public body, has awarded the deal "for technical support and implementation services" to help …

  1. ChrisElvidge Bronze badge

    Nearly 400 million

    I thought that Brexit would give the NHS nearly this every week.

    Why are we giving it to essentially American companies?

    I wonder what Palantir and KPMG get out of this, over and above the fee

    Would it not be better to spend this amount on new, or refurbish, buildings and more staff to return the NHS to a working, at the point of patient contact, service as it was set up to be, and fix the data system afterwards?

    1. Gordon 10

      Re: Nearly 400 million

      Errrm. KPGM are actually Anglo-Dutch and because they are mostly a set of limited liability partnership the segregation between country entities is a lot higher than most multinationals. Their US staff is the biggest in term of headcount tho....

      This will be KPGM UK getting £10m of PR glitter to sprinkle over the £300m Palantir Turd.

  2. Anonymous Coward
    Anonymous Coward

    KPMG help to implement Federated Data Platform (FDP)

    Has KPMG a track record in implementing such a system. Or will they out-source it to another outsourcing outfit. These Multinationals usually have a full-time office devoted to massaging their reputation on Wikipedia. Lets go have a gander: KPMG International Limited.

    1. Gordon 10

      Re: KPMG help to implement Federated Data Platform (FDP)

      Reading between the lines this is rollout and deployment. They wont be in a position to give Palantir actual requirements, and even if they did the septics would ignore them. NHSEngland are probably quite capabile of fucking up the requirements on their own.

  3. Terry 6 Silver badge

    The thing is...

    I'd like my local GP services and hospitals to be able to access my files if I need them to. I don't want those files to be raked over by anyone who thinks they know how to make use of the data. I absolutely would not give any consent to have those files shared with commercial companies, so that the usual suspects can earn a few more yachts mining my (our) data.

    And my trust in either the government or those companies to turn down the lucrative promise of that data mining is somewhat less than by belief in the Tooth Fairy

    1. Anonymous Coward
      Anonymous Coward

      Re: The thing is...

      > I'd like my local GP services and hospitals to be able to access my files if I need them to.

      I assume of course that you'd expect/require such access/sharing would occur in compliance with data protection law?

      I'm still finding more and more compliance "holes" in the Northern Ireland Electronic Care Record (NIECR) sharing mess.

      Today's "fun" document received: one of the local independent (i.e. a registered charity and not part of "The Health Service") hospices has refuted my claim that they've been a Joint Data Controller for NIECR since June 2013 - they say they've only been involved since March 2018. Note they didn't state whether they've been a (Joint) Data Controller or a Data Processor - they're trying to get out of admitting that they've been a Data Controller as the defined "lawful basis" for NIECR participation has (allegedly) been Public Function/Public Task which is only a valid basis to be used by a Public Authority....which an Independence Hospice is not.

      They've also said "The hospice does not hold any agreement or contractual documentation on file relating to its participation in the NIECR". Hmm, assuming they'll (eventually) claim to a be Data Processor then it appears they've been in breach of Data Protection law (UK DPA 1998 prior to 25th May 2018, GDPR since then) by not having a written (DPA) contract in place to act as a Data Processor for NIECR.

      I'm sure they be very happy when I shortly respond by sending them multiple NIECR documents dating between June 2013 & August 2020 which list them as a Data Controller for NIECR. I'm sure they'll be even happier when I send them a copy of their hospice's signature (dated March 2017) as a Data Controller on a version of the NIECR DSA....what's that? their involvement only started in March 2018 eh? That's strange...

      Rewriting history to redefine many of the organisations originally involved as Joint Data Controllers to instead be labelled as Data Processors appear to be all the rage recently for NIECR - what a pity the organisation doing the Soviet Revisionism (i.e. "historical rewrite") is so incompetent that the Data Processing Agreements (DPAs) they had many organisations sign late last year (accompanying letter quote: "Please note failure to agree acceptance to the DPA and return of same may call into question the legal basis...to continue to access NIECR.") are not actually valid DPAs as defined by GDPR (Hint: the DPAs are missing some information that is mandatory for valid Data Processor contracts).

  4. Anonymous Coward
    Anonymous Coward

    KPMG

    Keep Paying More Generously

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like