About The National Data Integration Tenant

The NHS Federated Data Platform (NHS FDP) connects vital health information across the NHS, helping staff deliver better care for patients and work more efficiently.

The National Data Integration Tenant (NDIT) is designed to provide a single, consistent route for data, including identifiable data, to be collected and used by NHS England. NHS England uses NDIT to make the submission of data collections from other organisations, which NHS England already performs, more efficient.

The NDIT currently only holds a small number of data sets which NHS England needs to collect in identifiable form, such as information relating to virtual wards and cancer waiting times.

Within the NDIT that data is organised and prepared, which includes de-identifying it, so it can be used within another part of the NHS FDP’s national platform to deliver insights which support operational services.

Concerns raised

The National Data Guardian has raised concerns about the NDIT’s published Data Protection Impact Assessment (DPIA).

While we have always been clear publicly and on our website that authorised users from the supplier will be granted access to data only for approved purposes under the instruction of the NHS, within the DPIA we referred to only NHS England staff having access to directly identifiable patient data within the NDIT. In fact some suppliers working for NHS England do have controlled access.

We recognise that the DPIA contained an error in how it described supplier access to data so we are correcting that error, and we apologise for any confusion this has caused.

Clarity around supplier access is crucial to our programme and we will continue to work closely with the National Data Guardian, the Information Commissioner’s Office and our governance groups to ensure our information is clear.

Alongside correcting the DPIA, we have updated the NDIT privacy notice, strengthening our internal governance and change notification processes, and are reviewing access permissions to reduce supplier access wherever it is safe and practical to do so.

Why suppliers have access to the NDIT and how it is governed

NHS England uses a mix of internal teams and specialist suppliers to help run large national data and digital services. This is common practice across the NHS and elsewhere in government. Suppliers help build, maintain and support complex systems.

In the case of NDIT, 3 engineers working for an external supplier – Palantir –provide technical support services. They currently have administrative-level access to the NDIT where they provide back-office support for the platform 24/7, 365 days of the year. This includes managing platform-wide settings, maintaining platform security and configuring the platform. NHS England remains the data controller and tightly controls any supplier access.

As of 15 June 2026, a further 33 engineers from a variety of suppliers have more limited project-specific access to work on specific data sets and tasks assigned by NHS England including writing code and assuring the development of new products, for example, developing the new tool that providers will use to submit their national Virtual Wards Minimum Data Set. Within that defined area of the platform only, they are given limited access as data processors working under NHS England’s instructions.

In all cases they do not have permission to use the data for their own purposes – their role is strictly limited to supporting the safe running and maintenance of the platform. The access is granted based on operational need and is time limited therefore the numbers can fluctuate over time.

Within NDIT, engineers, operating under the instruction of NHS England, could access identifiable and de-identifiable patient data, however this would only be to provide specific technical support – patient data is not routinely accessed.

Access for engineers working on NDIT is monitored and controlled in the following ways:

• the NDIT is one part of the NHS FDP. Those with access to it do not have access to the information in other parts of the NHS FDP
• access to NDIT by any staff, including suppliers, is time-limited, role-based and purpose-specific. This access relates to the NDIT and not the wider NHS FDP
• access is strictly governed by contract, by the UK General Data Protection Regulation, and by the Data Protection Act 2018
• any staff with access, both NHS and suppliers, must meet Government security clearances and vetting requirements
• administrative level access for non-NHS England users is subject to senior approval and Government security clearances. That access is removed when it is no longer needed and must be reverified every 3 months
• all access and activity is strictly monitored and audited by a team in NHS England every month. Audit logs are inspected and show what actions have been taken.

These safeguards exist not just to enforce compliance, but to protect the trust that patients place in the NHS.

The NHS FDP is already joining up care, speeding up cancer diagnosis and ensuring thousands of additional patients can be treated each month – while saving money for NHS teams and taxpayers.