NHS/Palantir Unlimited Access to Identifiable Patient Data – Fundamental Human Rights, Medical Sovereignty, and Confidentiality Framework Breach Concerning NHS England, the Federated Data Platform (FDP), and the National Data Integration Tenant (NDIT)

Overview

This disclosure records the confirmed policy position adopted by NHS England concerning the granting of broad administrative access to identifiable NHS patient data within the National Data Integration Tenant (NDIT), operating inside the NHS Federated Data Platform (FDP), the £330 million national NHS data integration infrastructure awarded to Palantir Technologies in 2023. (reuters.com) https://www.reuters.com/world/uk/britains-nhs-grant-palantir-contractors-unlimited-access-patient-data-ft-reports-2026-05-11

This disclosure does not concern ordinary NHS operational administration.

It concerns:

• externalised medical-data processing,
• non-sovereign computational infrastructure,
• identifiable patient-data exposure,
• administrative access to pre-pseudonymised medical identity structures,
• confidentiality degradation,
• informational sovereignty,
• proportionality failure,
• and the lawful legitimacy of granting external non-NHS personnel broad system-level access to intimate patient medical data absent direct explicit sovereign patient consent.

On 11–12 May 2026, multiple reports confirmed that NHS England had agreed to create external “admin” roles permitting broad administrative access to identifiable patient data within the NDIT environment prior to pseudonymisation processing. (reuters.comhttps://www.reuters.com/world/uk/britains-nhs-grant-palantir-contractors-unlimited-access-patient-data-ft-reports-2026-05-11 )

The NDIT has been described as:

“a safe haven for data before it is pseudonymised” (ft.comhttps://www.ft.com/content/8ce1b9be-1d51-466b-90de-54bff1a504ca )

This means identifiable patient information exists within the environment prior to anonymisation or pseudonymisation processing.

The disclosure further records that:

• the Federated Data Platform reportedly integrates data relating to more than 55 million NHS patients,
• and approximately 1.6 million daily healthcare interactions across NHS systems. (theguardian.comhttps://www.theguardian.com/society/2026/may/10/gps-and-hospitals-in-england-to-be-required-to-share-data-to-create-single-patient-records )

The internal NHS briefing reportedly acknowledged:

“risk of loss of public confidence”

concerning safeguarding identifiable patient data and the widening of administrative access structures. (digitalhealth.nethttps://www.digitalhealth.net/2026/05/palantir-to-be-granted-unlimited-access-to-nhs-patient-data )

The same briefing reportedly stated that broader access permissions were being pursued because:

“it is too inconvenient to apply for all of the necessary individual CDAs” (digitalhealth.nethttps://www.digitalhealth.net/2026/05/palantir-to-be-granted-unlimited-access-to-nhs-patient-data )

The disclosure further records that:

• previous NHS access structures reportedly required case-by-case confidentiality and disclosure approvals,
• whereas the revised structure allegedly permits broad administrative access through newly created external “admin” roles operating inside the NDIT environment.

This disclosure therefore concerns:

• non-consensual external medical-data processing,
• confidentiality erosion,
• informational sovereignty collapse,
• degradation of medical trust relationships,
• proportionality failure,
• public-trust destabilisation,
• and fundamental human-rights implications arising from external corporate administrative access to identifiable NHS patient medical data prior to pseudonymisation processing.

Palantir Operational Context and Cross-Domain Data Integration Concerns

This disclosure further identifies that Palantir Technologies is not operating solely as a conventional healthcare software provider.

Palantir’s wider operational history includes:

• military analytics environments,
• intelligence-sector deployments,
• law-enforcement integration systems,
• immigration-enforcement infrastructure,
• and large-scale governmental data orchestration platforms.

Palantir’s Gotham platform has reportedly been used within:

• United States military operations,
• intelligence environments,
• policing systems,
• and ICE-related immigration enforcement structures.

Palantir’s Foundry platform, used within civilian and healthcare contexts, operates as a large-scale data integration and orchestration environment designed to aggregate, model, and operationally coordinate complex institutional datasets.

The disclosure further identifies that:

• Palantir has previously held contracts connected to United States immigration enforcement systems,
• investigative case-management infrastructures,
• and deportation-support operational environments involving ICE and DHS structures.

The disclosure does not assert that NHS patient data is currently being transferred into immigration-enforcement systems.

However, the disclosure identifies that:

• large-scale externalised healthcare-data integration architectures,
• involving identifiable patient medical information prior to pseudonymisation,
• combined with strategic cross-domain data orchestration capabilities,
  may materially increase future risks concerning:
• profiling,
• vulnerability mapping,
• cross-domain aggregation,
• institutional surveillance expansion,
• and disproportionate state–corporate informational asymmetry.

The disclosure further identifies that:

• identifiable medical data,
• psychiatric histories,
• genetic and hereditary information,
• family-linked medical structures,
• and longitudinal healthcare histories
  represent among the most sensitive informational identity structures capable of existing within any national infrastructure environment.

The disclosure therefore identifies heightened proportionality, sovereignty, confidentiality, and human-rights concerns arising from the placement of identifiable NHS patient medical data within externally administered strategic data integration architectures connected to organisations with extensive intelligence, defence, and governmental enforcement operational histories.

Factual Record

April 2026 — Internal NHS Briefing

An internal NHS England briefing reportedly outlined proposals concerning broad external administrative access permissions relating to the NDIT environment.  

The briefing acknowledged:

• significant public concern,
• sensitivity concerning Palantir access,
• and risk relating to public confidence in NHS data safeguarding structures.  

The briefing reportedly stated that external contractors sought broader permissions because:

“it is too inconvenient to apply for all of the necessary individual CDAs.”  

May 11–12 2026 — NHS England Confirmation

Reuters, the Financial Times, The Guardian, and multiple technology and healthcare publications reported that NHS England had agreed to create external “admin” roles permitting broad access to identifiable patient data within the NDIT.  

The NDIT was described as:

“a safe haven for data before it is pseudonymised.”  

The disclosure identifies that:

• identifiable patient data exists within the NDIT prior to pseudonymisation,
• external administrative access therefore potentially reaches identifiable medical identity structures,
• and the processing environment forms part of the wider NHS Federated Data Platform architecture.

Federated Data Platform Contract

NHS England awarded Palantir a contract reportedly valued at approximately £330 million in 2023 concerning the NHS Federated Data Platform.  

The FDP is designed to:

• integrate disparate NHS datasets,
• centralise operational visibility,
• coordinate healthcare workflows,
• and orchestrate large-scale NHS data interaction environments.  

Legal and Human Rights Frameworks Engaged

I. UK GDPR Article 5(1)(a) — Lawfulness, Fairness, Transparency

“Personal data shall be:
processed lawfully, fairly and in a transparent manner in relation to the data subject.”

Analysis:

The disclosure asserts that identifiable patient medical data entering externally administered integration environments without direct explicit sovereign patient consent potentially destabilises:

• fairness,
• transparency,
• and reasonable expectations of confidentiality.

The disclosure further identifies that:

• broad external administrative-access architectures,
• pre-pseudonymisation exposure environments,
• and non-NHS access structures
  may exceed reasonable patient expectations concerning lawful and transparent medical-data processing.

II. UK GDPR Article 5(1)(c) — Data Minimisation

“Personal data shall be:
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”

Analysis:

The disclosure identifies proportionality concerns concerning:

• broad administrative access,
• external contractor access,
• and pre-pseudonymisation exposure environments.

The disclosure further contests whether:

• broad administrative-access structures,
• externalised processing environments,
• and scalable integration architectures
  remain strictly necessary and proportionate within the meaning of Article 5(1)(c).

III. UK GDPR Article 5(1)(f) — Integrity and Confidentiality

“Personal data shall be:
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing…”

Analysis:

The disclosure asserts that increasing:

• external administrative exposure surfaces,
• processor-chain complexity,
• and strategic third-party access vectors
  may materially increase systemic confidentiality risk.

The disclosure further identifies that:

• identifiable patient medical data,
• prior to pseudonymisation,
• allegedly enters widened external-access environments involving non-NHS personnel.

IV. UK GDPR Article 6(1) — Lawful Basis

“Processing shall be lawful only if and to the extent that at least one of the following applies…”

The NHS and associated public authorities commonly rely upon Article 6(1)(e):

“processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”

Analysis:

The NHS relies operationally upon statutory public-task processing provisions under Article 6(1)(e).

This disclosure contests:

• necessity,
• proportionality,
• and the legitimacy of extending healthcare processing into external strategic-corporate infrastructures absent direct sovereign patient consent.

The disclosure further identifies that:

• broad administrative access to identifiable patient data prior to pseudonymisation,
• combined with external non-NHS personnel access structures,
• may exceed reasonable patient expectations concerning public-interest medical processing boundaries.

V. UK GDPR Article 9(1) — Special Category Health Data

“Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs… genetic data, biometric data… or data concerning health shall be prohibited…”

subject to limited exemptions.

Analysis:

The disclosure identifies identifiable NHS patient data as among the most sensitive protected categories within UK and international privacy frameworks.

The disclosure further identifies that:

• intimate medical identity structures,
• healthcare histories,
• and biological information
  engage heightened dignity, confidentiality, and proportionality safeguards.

VI. Data Protection Act 2018

“The processing of personal data to which this Chapter applies is lawful under Article 6(1)(e) of the GDPR… if it is necessary for the exercise of a function of either House of Parliament, a function conferred on a person by an enactment or rule of law, or the exercise of a function of the Crown, a Minister of the Crown or a government department.”

Analysis:

The disclosure identifies:

• heightened obligations concerning sensitive health-data processing,
• confidentiality safeguards,
• and public-trust preservation obligations.

The disclosure further contests whether:

• external strategic-corporate administrative-access environments,
• and broad pre-pseudonymisation exposure architectures
  remain proportionate to the original confidential medical purpose for which patient information was disclosed.

VII. Common Law Duty of Confidentiality

Core Principle:

“The doctor is under a duty not to disclose, without the consent of the patient, information which he, the doctor, has gained in his professional capacity…”

Hunter v Mann

Analysis:

The disclosure asserts that:

• patients disclose intimate information within healthcare trust environments,
• not with the reasonable expectation of broad external corporate administrative access.

The disclosure further identifies that:

• widening external administrative-access structures
  may destabilise the foundational confidential relationship between patient and healthcare institution.

VIII. ECHR Article 8 — Right to Private Life

“Everyone has the right to respect for his private and family life, his home and his correspondence.”

Analysis:

The disclosure identifies identifiable medical data as engaging:

• dignity,
• privacy,
• autonomy,
• and informational sovereignty protections.

The disclosure further identifies that:

• broad external access to identifiable medical information
  engages proportionality and necessity considerations under Article 8 jurisprudence.

IX. NHS Constitution — Privacy and Confidentiality Rights

“You have the right to privacy and confidentiality and to expect the NHS to keep your confidential information safe and secure.”

Analysis:

The disclosure identifies conflict between:

• patient confidentiality expectations,
• and broad external administrative-access architectures.

The disclosure further identifies that:

• external non-NHS administrative access to identifiable medical information
  may destabilise patient trust and confidentiality expectations foundational to NHS care relationships.

X. UDHR Article 12

“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence…”

Analysis:

The disclosure identifies identifiable medical-data exposure environments as engaging:

• privacy,
• dignity,
• autonomy,
• and lawful proportionality considerations under international human-rights principles.

XI. ICCPR Article 17

“No one shall be subjected to arbitrary or unlawful interference with his privacy…”

Analysis:

The disclosure identifies:

• broad externalised administrative-access architectures,
• and non-consensual identifiable medical-data exposure conditions
  as potentially engaging arbitrary interference concerns within the meaning of Article 17.

XII. Convention 108+

“Special categories of data may only be processed where appropriate safeguards are enshrined in law…”

Analysis:

The disclosure identifies:

• proportionality concerns,
• safeguard concerns,
• and confidentiality concerns
  concerning identifiable health-data exposure environments involving widened external administrative-access structures.

XIII. UNESCO Universal Declaration on Bioethics and Human Rights — Article 9

“The privacy of the persons concerned and the confidentiality of their personal information should be respected.”

Analysis:

The disclosure identifies:

• medical dignity,
• informational autonomy,
• confidentiality,
• and biological identity protection
  as foundational bioethical principles engaged by the disclosure.

XIV. Nuremberg Principle of Voluntary Consent

“The voluntary consent of the human subject is absolutely essential.”

Analysis:

The disclosure extends informed-consent principles into:

• informational medical sovereignty,
• biological identity protection,
• and externalised healthcare-data processing environments.

The disclosure further identifies that:

• intimate medical information derives directly from the person and body itself,
• thereby engaging heightened consent legitimacy concerns.

XV. OECD Privacy Guidelines

“There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means…”

Analysis:

The disclosure identifies:

• purpose limitation,
• use limitation,
• collection limitation,
• and proportionality concerns
  concerning large-scale external administrative access to identifiable patient data.

XVI. UN Guiding Principles on Business and Human Rights

“Business enterprises should respect human rights. This means that they should avoid infringing on the human rights of others…”

Analysis:

The disclosure identifies human-rights implications arising from:

• state–corporate healthcare integration,
• external strategic infrastructure dependency,
• broad administrative-access architectures,
• and identifiable patient-data exposure conditions involving external corporate infrastructures.

Personal Impact and Whistleblower Risk

The disclosure further records that the author is:

• a public-interest whistleblower,
• an active self-litigant,
• and an individual publicly engaged in ongoing procedural, medical, institutional, and governance disputes involving NHS-related matters.

The disclosure therefore identifies:

• heightened vulnerability,
• heightened procedural exposure,
• and heightened confidentiality sensitivity concerning external access to identifiable medical records.

The disclosure asserts that:

• intimate medical data linked to active whistleblowing and litigation contexts now exists within externally administered integration environments,
• without direct explicit sovereign consent,
• and without meaningful patient-level participation in the access architecture itself.

Exhibits

Exhibit 35A

Reuters reporting concerning NHS England administrative access changes.  

Exhibit 35B

Financial Times reporting concerning “unlimited access” admin roles.  

Exhibit 35C

The Guardian reporting concerning identifiable patient-data access concerns.  

Exhibit 35D

Digital Health reporting concerning NDIT administrative-access structures.  

Exhibit 35E

Computing.co.uk reporting concerning identifiable patient-data access prior to pseudonymisation.  

Conclusion

This disclosure records a live and active NHS England policy position concerning broad external administrative access to identifiable NHS patient data within the National Data Integration Tenant environment prior to pseudonymisation processing.  

The disclosure identifies the resulting structure as engaging:

• medical sovereignty concerns,
• confidentiality degradation,
• human-rights implications,
• public-trust destabilisation,
• and proportionality conflicts across overlapping domestic and international legal frameworks.

The disclosure further records that the matter concerns not proposed future systems, but live operational governance conditions affecting NHS patient medical identity structures across England.