To ask His Majesty's Government, further to NHS England’s instruction to hospitals to use Palantir’s Faster Data Flows database, what safeguards they will put in place to protect patient privacy.

All uses of data by the National Health Service must be ethical, for the public good, and comply with data protection law. This means there must always be a valid lawful basis for the collection and processing of personal information as defined under data protection legislation. Palantir only operates under the instruction of NHS England when processing data on the Foundry platform and does not have access to data, identifiable or otherwise, held within the Foundry platform instances licensed to NHS England nor are they permitted to use or share it for their own purposes.

NHS England will only share de-identified data with internal NHS England data analysts, integrated care boards and the NHS Providers that provided the data. De-identification practices mean that personal identifiers are removed from datasets to protect patient confidentiality. This includes techniques such as aggregation, anonymisation, and pseudonymisation. The level of de-identification applied to data may vary based on user roles and requirements for accessing the data. This is in line with guidance from the Information Commissioner’s Office as well as the General Data Protection Regulation.