Exclusive NHS England has received advice from lawyers saying key aspects of its controversial Federated Data Platform (FDP) lack a legal basis, meaning that unless a solution is found, it must allow citizens to opt out of sharing their data.
The FDP is being built by US spy-tech biz Palantir following the award of a £330 million seven-year contract by NHS England, a non-departmental public body under the Department of Health and Social Care. The total four-year budget for the project is actually £485 million, The Register revealed weeks ago.
In December last year, a group of campaign organizations led by Foxglove began preparing a legal challenge alleging there is no lawful basis to create the FDP, as described in procurement documents, within the current legal directions used to obtain and share data within the NHS.
At the time an NHS spokesperson said: "This letter fundamentally misunderstands how the Federated Data Platform will operate and is totally incorrect in both matters of law and fact."
However, documents shared with the FDP board in March show that NHS England had received legal advice showing a vital aspect of the program – its privacy-enhancing technology (PET), to be provided by IQVIA – lacked a legal footing to proceed.
Board documents seen by The Register state that NHS England got the advice from King's Counsel – its team of barristers – that PET "will require a separate lawful basis to process PCD [personal confidential data]."
It adds that unless NHS England finds a solution, it will have to offer all patients the opportunity to opt out of sharing their data with the FDP under the current legislation for the control of patient information (Section 251 of the National Health Service Act 2006).
"There is a risk that a Section 251 will be required, which could result in the National Data Opt Out being applicable to all flows," the document says.
The FDP program board was told NHS England would work with its lawyers and information governance personnel "to develop an approach." It said further advice was "expected shortly," as of March.
Foxglove director Rosa Curling told The Register: "The best policy here is honesty; the government should be transparent about whether or not the whole of the FDP is backed up by law, and if not, explain what it intends to change, then let patients decide if that action is sufficient to maintain their trust in the platform."
NHS England declined to comment.
In an FAQ, NHS England says it plans to use the FDP to help NHS organizations collate the operational data stored in separate systems to help staff access the information they need. This data includes the number of beds in a hospital, the size of waiting lists for elective care services, or the availability of medical supplies.
- Prior UK government planned £485M four-year budget for Palantir-based healthcare system
- Labour wins race to lead UK, but few would envy the load in its tech in-tray
- UK public voice fear over security in NHS data systems
- KPMG bags £8.5M NHS gig as cheerleader for Federated Data Platform rollout
The idea is that every hospital trust and integrated care system (ICS) will have their own platform, but they will be able to connect and share information between them.
According to NHS England, the FDP is made up of a number of separate independent data platforms, each called an "Instance" alongside transparency and privacy-enhancing technology. Some Instances are operated by NHS England and are called "National Instances" while separate "Local Instances" are set to be operated by an NHS trust or an integrated care board, which manages care across NHS organizations and other local care providers, in social care, for example.
PET was set to be used to de-identify personal data, which involves processing personal data, from the summer of 2024. In this case, personal data might include "information that identifies an individual, including basic information such as a name, address, date of birth and contact details, and information about the individual's health and treatment."
In earlier efforts at data management across the NHS, the health service offered patients the opportunity to opt out, for example, with the General Practice Data for Planning and Research and Care.data schemes. Both programs were eventually scrapped.
With the FDP, NHS England maintains it does not need to give patients the opportunity to opt out. Previously, a Type 1 opt-out registered with a GP practice stopped confidential patient information being shared outside of their practice except when it is used for the purposes of their individual care.
NHS England says no confidential patient information that has come from a GP practice is being processed by a product in the National Instances of FDP. Meanwhile, confidential patient information held by GPs will only be used in the FDP in a Local Instance "for the purposes of individual care." Note that its earlier definition of the FDP was to bring together "operational" data.
A National Data Opt-Out had also been available to patients, giving them the right to "opt out of their confidential patient information being used for purposes beyond their direct care, unless an exemption applies."
NHS England says the National Data Opt-Out does not apply to data processed in the FDP because, in the National Instance, no confidential patient information is being processed "to which the National Data Opt-Out would apply." In Local Instances confidential patient information "is only being used for the purposes of direct care and therefore the National Data Opt-Out does not apply." Locally, trusts and care boards can allow patients to opt out, according to NHS England.
A spokesperson for campaign group medConfidential compared the NHS England's FDP plan around patient data to the Post Office Horizon scandal, one of the most significant IT disasters and miscarriages of justice in the UK in the last 50 years.
"NHS England will deny and delay the legal rights patients have over their own data for as long as possible. It's as if their legal strategy is inspired by the Post Office," he said. ®