Your NHS data could be shared with the controversial US tech giant, campaigners say:

GP practices in the UK will share the medical records of some 55 million people across England for use in a central database compiled by NHS Digital. People originally had until June 23 to opt out of the initiative, but NHS Digital extended the deadline by less than a fortnight until it started siphoning data from across the country. Academics and companies with a commercial relationship with the NHS will have access to medical records, including physical, sexual and mental health history.

One of the companies that will be able to sift through millions of patient records — once kept under lock and key at your local GP practice — will be US software company Palantir, claims digital rights campaign group Foxglove. Founded by Peter Thiel – a strong supporter of President Donald Trump, Palantir specializes in big data surveillance and analytics for the police, military and state security.

Palantir, which is worth around £30 billion, has seen quite a bit of controversy over the years. In a 2018 parliamentary inquiry, Cambridge Analytica research director Christopher Wylie alleged that Palantir used the same Facebook data, including posts from their timeline, shared photos and messages between friends, mined by his company ahead of the US presidential election and the Brexit referendum. .

Critics say US law enforcement agencies that relied on Palantir’s “predictive policing” software, which analyzes crime files to proactively move resources to the next possible crime scene, have unfairly targeted poor and black communities.

NHS Digital, which manages health service IT systems, is at the forefront of modernizing medical records. According to NHS Digital, the software currently used by GP practices across England is over ten years old and no longer fit for purpose. It also states that only organizations with a “legal basis and legitimate need to use” can tap into the centralized database. So, would that include Palantir?

MORE LIKE THIS
This number is illegal – whatever you do, don’t keep a copy of it

Well that’s a little less bright.

When approached by the Daily mail, NHS Digital would not reveal whether Palantir is one of the companies with a “legitimate” need to access the data. However, the US company has become increasingly involved in healthcare in recent years. After he offered to build a Covid-19 database for the UK, Palantir was awarded two more contracts from the UK government for a total of £24 million.

Digital rights advocates Foxglove has said it is “deeply concerned” that Palantir, listed on the NHS website as a “preferred partner” for purchasing NHS data service, could be hired to manage the new database of millions of records . Foxglove is just one of 50 organizations now calling on the health service to end its commercial relationship with the company.

Foxglove director Cori Crider summed up: “Palantir is the last company we want near the NHS.”

Sensitive information, including mental and sexual health data, criminal records, full zip code and date of birth, will be included in the database of NHS records. However, NHS Digital says anything that can be used to identify you from your data is pseudonymized before being uploaded from your local GP practice.

“This means that this data is replaced with unique codes so that patients cannot be directly identified in the data shared with us. The data is also securely encrypted,” explains NHS Digital.

However, the code to decipher the anonymized data is kept by the NHS. This is different from the approach of some tech companies, including Apple and WhatsApp, which do not store the digital keys that can decrypt the anonymized data. That’s why Apple refused to help FBI investigators who hoped to unlock an iPhone owned by one of the terrorist suspects.

According to Apple CEO Tim Cook, “In today’s digital world, the ‘key’ to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections surrounding it. Once the information is known, or a way to bypass the code is revealed, the encryption can be destroyed by anyone with that knowledge.In the physical world it would be the equivalent of a master key, which can open hundreds of millions of locks – from restaurants and banks to shops and homes. No reasonable person would find that acceptable.”

NHS Digital will have the keys to unlocking its anonymized data, but says it “will only ever re-identify the data if there was a lawful reason to do so and it would have to comply with data protection legislation”.

To remove yourself from the database, you must complete a form and send it to your GP. If you don’t do this before the deadline, your medical records will become a permanent part of the NHS Digital database. Opting out after 1 September 2021 will still work but will only apply to future data – all historical data will remain available to NHS researchers, academic and commercial partners. You will find the form necessary to unsubscribe here.