Senior NHS official lobbied to add GP data to FDP while also advising Palantir

Matthew Swindells, the joint chair of four major NHS hospital trusts in north-west London, privately encouraged colleagues to integrate GP patient data into the Federated Data Platform (FDP) built by Palantir to manage hospital logistics and operational data while simultaneously serving as an adviser to the US technology company. Although board papers for Chelsea and Westminster Hospital NHS Foundation Trust stated Swindells should be excluded from any decision-making regarding Palantir, an email from May 2024 reveals he suggested flowing patient-level data into the FDP.

While NHS England has stated that the FDP will not combine GP records nationally, Swindells’ email proposed moving aggregate metrics and, eventually, individual records from local GP databases into the system. He suggested this could be achieved by using existing local data environments without renegotiating all data-sharing agreements.

Recipients of the correspondence included Penny Dash, now chair of NHS England. Swindells has since clarified that his suggestions referred specifically to a local version of the platform under local controllership, rather than the national system, and emphasised that his proposals were never actioned. Access to NHS and GP information remains strictly governed by formal contracts intended to protect patient privacy and limit how and with whom medical records are shared.

£ - This article requires a subscription. 

Training Announcement: The IAPP Certified Information Privacy Technologist (CIPT) is a privacy-focused professional IT certificate from the IAPP that addresses data protection requirements and controls within complex technological environments. It explores the data lifecycle, privacy risk models and frameworks, the principles of Privacy by Design, and the role of privacy-enhancing technologies within the organisation. Find out more.