US spy firm at centre of sensitive NHS patient data grab
The story below tells of alarming backroom deals being done without public or parliamentary scrutiny into the highly sensitive (and extremely valuable) NHS patient data system. The company involved is Palantir, a highly controversial American company that TruePublica has reported on several times in the last few years – that was at the centre of the Facebook/Cambridge Analytica Brexit scandal.
Palantir was initially funded by the CIA’s venture capital arm In-Q-Tel, and has deep state relationships with the Pentagon through its Gotham analytics software. The company also worked on the US army’s Distributed Common Ground System, a battlefield intelligence platform and has its technical systems used by Special Operations Command.
Its involvement with US Immigration and Customs Enforcement made headlines in 2019 when it was revealed that its software was being used at the centre of Trump’s deportation machine that separated children from parents.
In 2019, Algorithm Watch determined that Palantir’s software is nothing special, that it has constantly lost money and clients such as Coca-Cola and American Express have abandoned it – and declared – “Giving Palantir such control over private or public-sector data could be dangerous.”
By Crofton Black and Alice Milliken: A trove of internal UK government documents disclosed to The Bureau of Investigative Journalism has revealed that Palantir, the controversial US tech giant running the NHS’s Covid data store, had launched a charm offensive to sell its services to NHS chiefs as long ago as summer 2019.
Palantir, once funded by the CIA and known in the US for its involvement with defence and immigration agencies, shot to prominence in the UK last March, when it was given an “emergency” contract by the NHS to assist in handling the coronavirus pandemic, for an initial cost of just £1 (now a longer-term £23.5m deal).
But emails seen by the TBIJ show that discussions between Palantir and NHS chiefs about how the company could work with patient data were underway throughout the second half of 2019, months before the pandemic hit – and indeed that by January 2020, Palantir’s London team were already working on a product “exclusively focused” on the UK’s healthcare market.
The pandemic has thrown an urgent spotlight on how profit-seeking companies interact with Britain’s National Health Service – in particular any access that could potentially be granted to its “crown jewels”, a £10bn-a-year cache of patient data – with the government having handed out a series of emergency contracts to the private sector since the crisis hit.
In response to the Bureau’s latest findings, experts have described the Palantir deal as one in which speed trumped transparency and public scrutiny.
SafeSubcribe/Instant Unsubscribe - One Email, Every Sunday Morning - So You Miss Nothing - That's It
Discussions began over dinner and watermelon cocktails. On 2 July 2019 – the evening before the launch of the NHS’s new technology arm, NHSX – Palantir’s UK boss, Louis Mosley, hosted a meal attended by David Prior, chair of NHS England. Over exotic drinks, the party discussed potential future uses of the NHS’s data. The next afternoon, Mosley emailed Prior, thanking him for “chairing” the dinner.
“It was a fascinating and thought-provoking discussion,” Mosley wrote. “I’m more convinced than ever that the UK is uniquely placed to pioneer the next generation of medical discoveries and treatments.”
Prior responded that evening: “Louis, Thank you for hosting such an interesting dinner and also for the watermelon cocktails! If you can see ways where you could help us structure and curate our data so that it helps us deliver better care and provides a more insightful database for medical research do be in touch.”
Since March 2020, the government has enlisted a number of major businesses – including Microsoft, Amazon and Google – to help with its Covid data store, which is powered by software created by Palantir.
Back in 2019, there was no indication that a Covid data store would be necessary. But Palantir was already working hard to convince NHS officials that they needed its services.
Following their dinner, Mosley wrote to Prior later in July to offer a demonstration of Palantir’s software and an introduction to CEO Alex Karp. In his reply, Prior copied in NHSX chief Matthew Gould, who he said: “may already be in the loop”. The heavily redacted documents show that over the following months, Palantir executives eagerly engaged with Prior, Gould and officials at the Department for International Trade (DIT), offering demonstrations of Foundry in its offices at San Francisco and its pavilion at the World Economic Forum in Davos.
The strategy appears to have worked. By January 2020, officials at DIT were looking at ways to “support [Palantir’s] growth in the UK”, including “help with recruitment, identifying real estate for expansion [and] planning for visas”.
“These communications indicate the beginnings of what would be a strategic relationship,” Sam Smith, of the health data watchdog MedConfidential, told the Bureau. “NHS England was already talking to Palantir about its long-term data plans significantly before the beginning of the pandemic.”
DIT told the Bureau: “There is a robust process in place to ensure all necessary due diligence is undertaken on all government contracts.”
In December, Palantir’s contract with NHS England, for use of its Foundry software and engineers – which after its first trial period in March had been extended at £250,000 a month for six months – became a fully-fledged two-year deal to provide the NHS with “data management platform services” at a cost of £23.5m.
AstraZeneca, Microsoft and Amazon held talks on the creation of “an extraordinary and internationally unique resource”, a “single, national, standardised, event-based longitudinal record for Britain’s 65 million citizens
Yet discussions between Palantir and NHS leaders had begun 18 months earlier and were ongoing at the time of the NHS Health and Care Data Day, held in October 2019. Attendees at the event, first disclosed by the Register, included Prior, Gould and officials from other parts of the NHS and Genomics England, as well as representatives of AstraZeneca, Microsoft and Amazon. They held talks on the creation of “an extraordinary and internationally unique resource”, a “single, national, standardised, event-based longitudinal record for 65 million citizens”, an initial version of which could be delivered within two years.
A leaked slide from one of the day’s presentations by NHS Digital shows how such a system could work, with data sources from GPs, hospitals, community and social care “curated” into a “national data model” for use by care professionals, researchers and industry. The outcome, according to the presentation, would “radically improve the quality of care for patients, and the productivity and effectiveness of clinical teams”, and “make the UK a world leader in data-driven research and innovation”.
Palantir was not represented at the Data Day but the documents disclosed to the Bureau show Mosley told Prior that Palantir had held “a very positive meeting” with Gould earlier that month. “That’s good news,” Prior responded.
Palantir now has over 600 people in London
Prior and Mosley met again in San Francisco on 14 January 2020 for a demo of the software package, along with five “experts from within the NHS” and “about 10 persons including engineers and health science experts” from Palantir. “Palantir has over 600 persons in London,” a report from the meeting stated the following day, “where they are working on their second product – Foundry which is focused exclusively on the health care market in the UK.” Two months later, with an emergency contract having been given to Palantir, Foundry was being used to power the NHS’s Covid data store.
The data store is slated to be wound down at the end of the pandemic, although no firm date has been proposed for this. However, the fact that Palantir’s new contract includes a clause outlining “service recovery planning … with the ability for the Buyer to transition this tool for general business-as-usual monitoring” implies that use of the software could continue in the long term.
“New processes, infrastructures and partnerships have been set up to analyse data during the pandemic – but speed has often come at the expense of oversight and transparency,” said Dr Natalie Banner, who leads the Understanding Patient Data initiative. “There’s now an opportunity to radically rethink how to build trustworthy systems for managing data, if decisions about how to move forward are made in the open. Otherwise, the government risks damaging public trust, which is already fragile.”
NHSX and NHS England declined to comment when contacted by the TBIJ. Palantir did not respond to a request for comment.
Palantir has made no secret of its ambition to become a “default operating system” rather than just a short-term fix. “We build software platforms for large institutions whose work is essential to our way of life,” the company stated in its August 2020 share prospectus. “Those institutions must be able to function in times of stability as well as crisis and uncertainty.”
Long-term prospects for the curation and analysis of NHS data are likely to prove more contentious than the immediate needs of managing coronavirus.
“Now contracts are being handed out well into 2023 – not just with Palantir – and with implications far beyond that,” Smith said. “Where is the public scrutiny and accountability for private deals that could prove far more pivotal to the future of NHS information handling than any of the initiatives forced on us by Covid?”
Palantir’s move into British healthcare follows the secret and sometimes controversial work it has carried out for US defence and intelligence agencies.
Desk editor: James Ball
Investigations editor: Meirion Jones
Production editor: Alex Hess
Fact checker: Isobel Koshiw