One of the companies that will be able to trawl through millions of patients’ data – once kept under lock and key in your local GP surgery – will be US software firm Palantir, digital rights campaign group Foxglove has claimed. Palantir, founded by Peter Thiel – a strong supporter of President Donald Trump – specialises in big data surveillance and analytics for the police, military and state security.
Palantir, which is worth around £30 billion, has had its fair share of controversies over the years. In a Parliamentary inquiry in 2018, Cambridge Analytica research director Christopher Wylie claimed that Palantir used the same Facebook data, including posts from their timeline, photos shared and messages between friends, that was mined by his company ahead of the US Presidential Election and Brexit referendum.
Critics say that US police forces that have relied on Palantir’s “predictive policing” software, which analyses crime records to proactively move resources closest to the next possible crime scene, have unfairly targeted poor and black communities.
NHS Digital, which runs the IT systems for the health service, is spearheading the move to modernise medical records. According to NHS Digital, the software currently used by GP surgeries across England is more than a decade old and no longer fit for purpose. It also states that only organisations with a “legal basis and legitimate need to use” will be able to tap into the centralised database. So, would that include Palantir?
Well, that’s a little less clear.
When approached by the Daily Mail, NHS Digital wouldn’t reveal whether Palantir is one of the companies with a “legitimate” need to access the records. However, the US company has become increasingly involved with the health service in recent years. After offering to build a Covid-19 database for the UK, Palantir was awarded two more contracts from the UK Government totalling £24 million.
Digital rights campaign group Foxglove has said it is “very concerned” that Palantir, which is listed on the NHS website as a “preferred partner” for procurement of NHS data services, could be hired to manage the new database of millions of records. Foxglove is just one of 50 organisations now calling on the health service to end its commercial relationship with the company.
Foxglove director Cori Crider summarised: “Palantir is the last company we want anywhere near the NHS.”
Sensitive information, including mental and sexual health data, criminal records, full postcode and date of birth, will be included in the database of NHS records. However, NHS Digital says that anything that could be used to identify you from your records will be pseudonymised before it’s uploaded from your local GP practice.
“This means that this data is replaced with unique codes so patients cannot be directly identified in the data which is shared with us. The data is also securely encrypted,” NHS Digital explains.
However, the code to unscramble the pseudonymised data will be held by the NHS. This is different from the approach taken by some tech companies, including Apple and WhatsApp, which do not store the digital keys that could unscramble their users’ data. That’s why Apple refused to help FBI investigators who hoped to unlock an iPhone owned by one of the terrorist suspects.
According to Apple CEO Tim Cook, “In today’s digital world, the ‘key’ to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks – from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”
NHS Digital will hold the keys to unlock its pseudonymised data, but says it will “only ever re-identify the data if there was a lawful reason to do so and it would need to be compliant with data protection law”.
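Why pseudonymised data stays re-identifiable by whoever holds the key, shown as an added example that is not from NHS Digital or the original article. It assumes the unique codes come from a keyed hash (HMAC-SHA256), which the article does not state, and the records, field names and keys are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed identifying fields; the article does not list which fields are coded.
IDENTIFYING_FIELDS = ("nhs_number", "postcode", "date_of_birth")

def pseudonymise(value: str, key: bytes) -> str:
    """Map an identifier to a stable code with HMAC-SHA256 under a secret key."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:20]

def pseudonymise_record(record: dict, key: bytes) -> dict:
    """Replace identifying fields with codes; clinical fields pass through."""
    return {name: pseudonymise(value, key) if name in IDENTIFYING_FIELDS else value
            for name, value in record.items()}

def reidentify(code: str, key: bytes, candidates: list) -> Optional[str]:
    """Recompute codes for known identifiers; succeeds only with the right key."""
    for candidate in candidates:
        if hmac.compare_digest(pseudonymise(candidate, key), code):
            return candidate
    return None

# Constructed sample data, not real patient records.
RECORDS = [
    {"nhs_number": "000 000 0001", "postcode": "ZZ1 1ZZ",
     "date_of_birth": "1980-01-01", "diagnosis": "asthma"},
    {"nhs_number": "000 000 0001", "postcode": "ZZ1 1ZZ",
     "date_of_birth": "1980-01-01", "diagnosis": "depression"},
    {"nhs_number": "000 000 0002", "postcode": "ZZ2 2ZZ",
     "date_of_birth": "1975-06-30", "diagnosis": "diabetes"},
]
HOLDER_KEY = secrets.token_bytes(32)  # kept by the body that holds the key
OTHER_KEY = secrets.token_bytes(32)   # stands in for any party without that key

def demo() -> dict:
    shared = [pseudonymise_record(r, HOLDER_KEY) for r in RECORDS]
    known = ["000 000 0001", "000 000 0002"]
    target = shared[0]["nhs_number"]
    return {
        # Same patient gets the same code, so records can still be linked.
        "linkable": shared[0]["nhs_number"] == shared[1]["nhs_number"],
        "holder": reidentify(target, HOLDER_KEY, known),
        "outsider": reidentify(target, OTHER_KEY, known),
    }

if __name__ == "__main__":
    print(demo())
```

The codes stay stable per patient, so the dataset remains linkable, and the protection against re-identification rests entirely on who can access the key.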
To remove yourself from the database, you’ll need to fill out a form and submit it to your GP. If you don’t do this before the deadline, your medical records will become a permanent feature of the NHS Digital database. Opting out after September 1, 2021 will still work, but will only apply to future data – any historic data will still be available to researchers, academic and commercial partners of the NHS. You can find the form required to opt out here.