The NHS ran an independent procurement exercise, done by the NHS, for the NHS, to procure a federated data platform. The choice of preferred supplier was not made by a single person, it was the result of assessment by many different individuals. 

NHS Federated Data Platform  

A consortium led by Palantir, which includes Accenture, PWC, Carnall Farrar and NECS, was awarded the contract to deliver the NHS Federated Data Platform in November 2023. 

The contract is valued at £330 million for over a seven-year period and this will provide funding for up to 240 NHS organisations (trusts and integrated care systems). 

NHS Privacy Enhancing Technology  

New Privacy Enhancing Technology will provide robust protection and deliver a standard approach to support safe data access and use. The NHS Federated Data Platform will be first the new NHS Privacy Enhancing Technology. 

The NHS Privacy Enhancing Technology contract was awarded to IQVIA in November 2023. 

NHS England has procured and paid for licenses to provide a federated data platform for all NHS Providers as well as the 42 integrated care boards (ICBs) for the next seven years.  

While implementation is not being mandated, all trusts and ICBs are being asked to provide plans for how they will maximise the benefits of the NHS Federated Data Platform (NHS FDP) for their patients within the next two years.  

Demand is high, so we are asking trusts to sign-up now, so that we can schedule them into the overall delivery timeline. To learn more about the NHS FDP products or to arrange a product demo, please contact our team: england.fdp@nhs.net 

Where the NHS FDP can provide the additional capabilities, it is right and proper that we’d expect organisations to fully consider using NHS FDP as part of their planning to deliver best value for money for taxpayers. 

Some of the data used within certain products includes information which may have been sourced from GP records (such as when a vaccination has been administered within a GP practice as part of Direct Care).  Any such data is de-identified before being put into the national Instance and analysed.  

Where there are the appropriate data sharing agreements in place between local organisations and GP practices, trusts and integrated care boards (ICBs) who have an instance of FDP are able to place GP datasets that they lawfully hold, in their instance of FDP. 

Secure data environments (SDEs) are the generic term for the way NHS England will provide access to NHS data. 

The NHS Federated Data Platform is IT software for the NHS, or those commissioned by them, to access data for direct care and population health planning purposes; it will not be used for external research. 

The NHS Research SDE Network is for external users and/or those conducting research to access data. 

No. NHS England works closely with the National Cyber Security Centre to ensure that all information is protected from the threat of a cyber-attack. All data will be accessed in line with the Office for National Statistics’ Five Data Safes. 

Information about the security of the NHS Federated Data Platform is available on our website.  

Under General Data Protection Regulation, everyone can ask for a “subject access request”. This is a request for information that an organisation holds about you. Read more information about your right of access. 

Access to data must have an explicit aim to benefit patients and/or the NHS in England. Access to NHS health and social care data within the NHS Federated Data Platforms will be carefully controlled. Only authorised users will be granted access to data for approved purposes. The supplier will not control the data in the platform, nor will they be permitted to access, use or share it for their own purposes.

The supplier of the NHS Federated Data Platform will only operate under the instruction of the NHS when processing data on the platform. The supplier will not control the data in the platform and will not be the data controller. The contract has strict stipulations about confidentiality, and there is governance in place to monitor delivery and usage of the NHS FDP.

Only authorised users will be granted access to data for approved purposes, for example, NHS staff and those supporting them, such as administrators, bed managers or care coordinators, and staff in social care supporting the move from hospital care. Every hospital trust and ICB (on behalf of their ICS) who has their own instance of the NHS FDP, will have complete control over who has access to their data platform.

Patients can have confidence that data in the NHS Federated Data Platform will always remain in the full control and protection of the NHS. 

The NHS will not give access to confidential patient data for marketing or insurance purposes. 

Data Protection is enforced via the Data Protection Act 2018 and the UK General Data Protection Regulation. If an organisation doesn’t comply, the Information Commissioner’s Office (ICO) may need to take action against the company. 

The ICO has a range of enforcement powers that it can use where appropriate. It can issue monetary penalties of up to a maximum of £17.5 million – or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher – in the most serious cases. Read more information on possible penalties. 

The NHS Federated Data Platform is built on Palantir’s Foundry software. Information to support patients to understand how the software works and the ways in which it supports better care while protecting patient privacy is available on the Patients Association website.