The NHS FDP brings together health data in one secure place to help NHS staff make better decisions about patient care and service planning. It operates at three levels:

• NHS England National Instance: combines data from multiple legacy systems to give leaders accurate, up-to-date information for planning health services across England.
• Local Integrated Care Board (ICB) Instances: helps integrated care boards plan and buy health services for their local area by providing the data and capabilities they need to understand what their population requires.
• NHS Trust Instances: gives frontline staff quick access to patient information in one place. This helps teams view the most current patient data, manage waiting lists, schedule operations and plan better care.

Who controls the data?

NHS England is the data controller for the National Instance.

Each NHS trust and ICB is the data controller for their instance, this means that they remain responsible for their own data and decide how to use it locally. They can choose which national solutions and products to use.

How do I get access?

NHS England is funding licences for all NHS providers and 42 ICBs across the health system.

If your organisation doesn’t already have access:

• Go to the ServiceNow portal
• Select ‘NHS Federated Data Platform’
• Complete the access request

Need help?

If you can’t access the ServiceNow portal to request NHS FDP access, contact the National Service Desk for support.

The NHS ran an independent procurement exercise, done by the NHS, for the NHS, to procure a federated data platform.

The platform was procured via a rigorous, competitive procurement process in line with government procurement legislation. The selection was made by multiple assessors against clear criteria following an open tender process where any supplier could respond with their solution. A consortium led by Palantir was awarded the contract in November 2023 based on their ability to meet the specific needs defined by NHS England for the NHS FDP.

The suppliers were required to demonstrate their financial, commercial, security and technical capability to meet contractual requirements. The procurement process also required suppliers to evidence their commitment to sustainability and social value.

The full contract is available on Contracts Finder. Below is a summary of the strict measures in place to ensure that:

1. The supplier complies with stringent supplier controls, requiring them to demonstrate their financial, commercial, security and technical capability to meet our contractual requirements. The procurement process also asked suppliers to provide demonstrable evidence of their commitment to sustainability and social value.
2. Patient data is protected through clear regulations, security measures, retained within the UK region, with access fully audited and NHS cyber security monitoring and protection.
3. Intellectual property for NHS funded services remain with the NHS, ensuring capabilities developed are retained within the NHS.
4. NHS FDP is integrated to NHS Cyber monitoring and IT Service Operation Centre Monitoring whilst also being monitored by the suppliers, providing a dual layer of monitoring and protection.
5. Business Continuity and Disaster Recovery is tested on an annual basis, to ensure that services can be recovered in the event of an outage. Clear step in rights are included within the contract to ensure in the event of an extreme event the NHS can take control of the service and limit access to the data.
6. Vendor lock-in is avoided through contractual limitations, a seven-year contract term, robust exit planning, standards and technical guidelines to utilise agnostic services that can be migrated.

The contract is valued at £330 million for over a seven-year period and this will provide funding for up to 240 NHS organisations (trusts and integrated care systems).

NHS Privacy Enhancing Technology 

New Privacy Enhancing Technology will provide robust protection and deliver a standard approach to support safe data access and use. The NHS Federated Data Platform will be the first to use the new NHS Privacy Enhancing Technology.

The NHS Privacy Enhancing Technology contract was awarded to IQVIA in November 2023.

As part of the contract, the only right Palantir has is to provide NHS FDP services to NHS users. Palantir therefore cannot:

1. commercialise or market NHS data, even on an anonymised basis
2. make any other use of NHS data and this includes using NHS data to develop or derive new Supplier products (for example by training an AI model on NHS data)

What we have provided

NHS England has purchased licences for a federated data platform for all NHS providers and the 42 integrated care boards (ICBs) until March 2031.

What we expect from organisations

Implementation of the NHS FDP is not mandatory. However, since we have invested in this capability on behalf of the NHS, we expect all trusts and ICBs to consider how they could use the NHS FDP when planning their data systems to ensure best value for taxpayers.

How this will work in practice

We’re working to make data move more efficiently across the health and care system – making it faster, more consistent and more useful for everyone.

For organisations that have an NHS FDP instance, we aim to use it to simplify data submissions to NHS England. For providers without an NHS FDP instance, we will provide alternative options including a submission portal or API (automated data connection) solution.

The contract has multiple measures in to mitigate the risk of lock-in to the supplier.

• Contract term – Whilst there is a maximum term of seven years, the NHS England commitment to the Supplier is incremental: only a three year term is committed, which can be extended by two years and then two further one year periods.
• Cloud/SaaS infrastructure – it is not integrated into NHS core systems, patient record systems remain the primary clinical record.
• Data export and migration – The platform enables connection and export of data at any time, and is already a core part of our integration patterns. The contract also includes clear terms for migrating data and services to another supplier or back to the NHS if the contract ends.
• In house skills – NHS England has developed its own data engineering and analytics skills and capabilities, ensuring NHS staff operate, develop and maintain its core services, many of the National products are developed, managed and maintained by NHS staff. The centre of excellence, provided by the programme is also developing the skills and capabilities across the NHS, with local organisations already developing their own solutions, reducing the reliance in third parties.
• Multi-vendor landscape – The programme has developed a “Solution Exchange” to encourage other suppliers to develop and share applications for the NHS FDP. The Programme also partners with several other organisations to develop solutions and services for the NHS FDP.

Palantir has no intellectual property rights (IPRs) in NHS data as part of this contract.

• where NHS England commissions material containing IPRs, it owns those IPRs – this includes the data ontology commissioned by NHS England to support NHS FDP use known as the Canonical Data Model
• the platform itself is based on an existing Supplier data analytics product, Foundry, and so Palantir retains IPRs in that product.

The NHS Federated Data Platform (NHS FDP) follows the same cyber security measures which are currently in place with all NHS England systems, and these have been enhanced specifically for this platform. NHS England works closely with the National Cyber Security Centre to ensure that all information is protected from the threat of a cyber-attack. All data will be accessed in line with the Office for National Statistics’ Five Data Safes.

The NHS Federated Data Platform has robust security measures built in, including a dual layer of monitoring and protection. The platform is integrated with NHS Cyber monitoring and IT Service Operation Centre monitoring, whilst also being monitored by the suppliers themselves, providing comprehensive oversight of security threats.

Business continuity and disaster recovery procedures are tested annually to ensure that services can be recovered in the event of an outage. Clear step-in rights are included within the contract to ensure that in the event of an extreme event, the NHS can take control of the service and limit access to the data.

Information about the security of the NHS Federated Data Platform is available on our website.

Some of the data used within certain products includes information which may have been sourced from GP records (such as when a vaccination has been administered within a GP practice as part of Direct Care).  Any such data is de-identified before being put into the national Instance and analysed.

Where there are the appropriate data sharing agreements in place between local organisations and GP practices, trusts and integrated care boards (ICBs) who have an instance of NHS Federated Data Platform (NHS FDP) are able to place GP datasets that they lawfully hold, in their instance of NHS FDP.

Secure data environments (SDEs) are the generic term for the way NHS England will provide access to NHS data. 

The NHS Federated Data Platform is IT software for the NHS, or those commissioned by them, to access data for direct care and population health planning purposes; it will not be used for external research. 

The NHS Research SDE Network is for external users and/or those conducting research to access data. 

No. NHS England works closely with the National Cyber Security Centre to ensure that all information is protected from the threat of a cyber-attack. All data will be accessed in line with the Office for National Statistics’ Five Data Safes. 

Information about the security of the NHS Federated Data Platform is available on our website.  

Under General Data Protection Regulation, everyone can ask for a “subject access request”. This is a request for information that an organisation holds about you. Read more information about your right of access.

Access to data must have an explicit aim to benefit patients and/or the NHS in England.

Access to NHS health and social care data within the NHS Federated Data Platform (NHS FDP) will be carefully controlled. Only authorised users will be granted access to data for approved purposes. The supplier will not control the data in the platform, nor will they be permitted to access, use or share it for their own purposes.

The supplier of the NHS Federated Data Platform will only operate under the instruction of the NHS when processing data on the platform. The supplier will not control the data in the platform and will not be the data controller. The contract has strict stipulations about confidentiality, and there is governance in place to monitor delivery and usage of the NHS FDP.

Only authorised users will be granted access to data for approved purposes, for example, NHS staff and those supporting them, such as administrators, bed managers or care coordinators, and staff in social care supporting the move from hospital care. Every hospital trust and integrated are board who has their own instance of the NHS FDP, will have complete control over who has access to their data platform.

Patients can have confidence that data in the NHS Federated Data Platform (NHS FDP) will always remain in the full control and protection of the NHS.

The NHS will not give access to confidential patient data for marketing or insurance purposes.

Data Protection is enforced via the Data Protection Act 2018 and the UK General Data Protection Regulation. If an organisation doesn’t comply, the Information Commissioner’s Office (ICO) may need to take action against the company.

The ICO has a range of enforcement powers that it can use where appropriate. It can issue monetary penalties of up to a maximum of £17.5 million – or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher – in the most serious cases. Read more information on possible penalties.

The NHS Federated Data Platform is built on Palantir’s Foundry software. Palantir retains intellectual property rights in their existing Foundry product, however the NHS has protected its interests through the contract in several important ways.

Information to support patients to understand how the software works and the ways in which it supports better care while protecting patient privacy is available on the Patients Association website.

Just as your local trust currently places identifiable data in systems such as Electronic Patient Records (EPRs), the NHS Federated Data Platform (NHS FDP) is no different. Your identifiable health data stays within your own trust’s local NHS FDP and can only be seen by healthcare professionals involved in your direct care at that trust. Other NHS organisations cannot access your personal health information unless there are appropriate data sharing agreements in place for your care.

The specific types of clinical data included in the NHS FDP vary depending on the particular software application (called a “Product”) being used and what is needed for that specific purpose. Each Product processes only the minimum data necessary to meet that particular NHS need. Examples of Products currently being used include:

• Inpatients Care Coordination Solution – helps clinical teams manage surgery waiting lists and theatre scheduling by identifying which patients no longer need to be on waiting lists and prioritising those with the most urgent needs.
• Outpatients Care Coordination Solution – provides waiting list validation tools to help teams identify duplicate entries or patients who no longer need appointments, ensuring the correct patients receive care.
• Referral to Treatment validation tool – supports NHS staff to better manage waiting lists for non-urgent care and track patient pathways to reduce delays and improve efficiency.
• OPTICA – helps reduce unnecessary hospital stays by integrating patient records to ensure relevant discharge information is available in one place for health and social care teams.

The NHS FDP includes operational information such as bed numbers and occupancy rates, and health and treatment information that identifies you. All health data, regardless of how sensitive it may be, receives the same high level of protection under data protection laws.

For your direct care, your personal data is held in identifiable form within your trust’s local system. Each healthcare professional only sees the data needed for their role in your care. For planning and improving services, de-identification techniques remove personal identifiers to protect your confidentiality.

For detailed information about specific data types in each Product, you can review the individual Product Privacy Notices.

Data access is tightly governed. Only authorised users can access data for approved purposes, and all access is logged and auditable.

At local Trust level for direct care, your data remains identifiable within your trust’s own instance of the NHS FDP so that healthcare professionals can provide you with safe, coordinated care. Each user only sees the data required for their specific role in your care, and this identifiable data stays within your Trust’s local system.

When data is shared with your integrated care board (ICB) or nationally for operational/planning purposes , it is de-identified to protect your privacy. Personal identifiers like your name, address, and date of birth are removed. The ICB and national instances contains only aggregate statistics to help understand “in real-time how many patients are in hospital, how long patients are waiting for critical treatments, and where pressure points are across the system” rather than showing individual patient records.

Privacy Enhancing Technology (PET) built into the NHS FDP automatically applies the right level of protection based on who is accessing the data and why. This includes techniques such as removing identifiers for planning purposes, aggregating data into statistical summaries, using pseudonymisation where codes replace names, and applying role-based access controls.

The NHS Federated Data Platform (NHS FDP) is designed with “privacy by design” principles, meaning these protections are built into the system from the start. All data processing must be approved through Data Protection Impact Assessments before it begins, ensuring your confidentiality is protected at every level of the platform.

NHS Federated Data Platform (NHS FDP) is already making a difference for patients and staff across the country.

We publish updated benefits statistics every quarter. The latest statistics are available here – NHS Federated Data Platform uptake and benefits.

Our case studies showcase how NHS organisations are using the NHS FDP to drive innovation and improve care. Each case study focuses on a specific challenge, the solution implemented, and the measurable impact for patients and staff.

These user stories also highlight real-world examples of how better access to information is helping NHS teams deliver faster, safer, and more personalised care. From reducing waiting times to improving discharge processes, these stories show how the platform is transforming services on the ground.

This video animation also describes the benefits being realised by NHS trusts in England.

The NHS Federated Data Platform (NHS FDP) brings together information from different systems across the NHS. Enabling hospitals and ICBs to use and build digital solutions that improve service efficiency with patient care prioritised.

It doesn’t replace – it sits on top of existing systems securely connecting them through a single sign-on authentication system, eliminating the need for multiple log-ins and streamlining access across various systems. With real insights in near-real-time, and each instance speaking the same language for ultimate clarity, the platform serves as a foundation for future innovation, including AI tools.

The Platform can flex and adjust to address the requirements of local organisations and teams. It enables integrated care boards (ICBs) and trusts to utilise pre-existing solutions and encourages them to create their own to improve patient care.

What we have provided

NHS England has purchased licences for a federated data platform for all NHS providers and the 42 integrated care boards (ICBs) until March 2031.

What we expect from organisations

Implementation of the NHS Federated Data Platform (NHS FDP) is not mandatory. However, since we have invested in this capability on behalf of the NHS, we expect all trusts and ICBs to consider how they could use the NHS FDP when planning their data systems to ensure best value for taxpayers.

How this will work in practice

We’re working to make data move more efficiently across the health and care system – making it faster, more consistent and more useful for everyone.

For organisations that have an NHS FDP instance, we aim to use it to simplify data submissions to NHS England. For providers without an NHS FDP instance, we will provide alternative options including a submission portal or API (automated data connection) solution.

Secure data environments (SDEs) are the generic term for the way NHS England will provide access to NHS data.

The NHS Federated Data Platform is IT software for the NHS, or those commissioned by them, to access data for direct care and population health planning purposes; it will not be used for external research.

The NHS Research SDE Network is for external users and/or those conducting research to access data.