Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what contracts their Department has with Palantir.
Answered by Karin Smyth - Minister of State (Department of Health and Social Care)
Details of Government contracts above £12,000 for procurements commenced before 24 February 2025 are published on Contracts Finder. Contracts procured under the Procurement Act 2023, which came into force on 24 February 2025, are published on the Central Digital Platform’s Find a Tender service.
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, if he will bring forward legislative proposals to make the NHS Accessible Information Standard legally enforceable.
Answered by Stephen Kinnock - Minister of State (Department of Health and Social Care)
The revised Accessible Information Standard (AIS) was published on 1 July, and is available at the following link:
https://www.england.nhs.uk/accessible-information-standard/
NHS England is working to support implementation of the AIS with awareness raising, communication and engagement, and a review of the current e-learning modules on the AIS. The intention is to ensure that staff and organisations in the National Health Service are aware of the AIS and the importance of meeting the information and communication needs of disabled people using services.
Since 2016, all NHS organisations and publicly funded social care providers are expected to meet the AIS, which details the recommended approach to supporting the information and communication support needs of patients and carers with a disability, impairment, or sensory loss.
The responsibility for monitoring compliance with the AIS sits with the commissioner of the service.
The revised standard requires those staff in relevant communication and information roles to be adequately trained. The AIS conformance criteria, published in 2016 and updated in June 2025, set out how organisations should comply with the AIS. NHS England is leading a system wide review of mandatory training which will include a new governance framework and a table of statutory obligations as well as a new competency framework setting out all nationally mandated subjects and learning outcomes.
Following the commencement of regulations made under the Health and Care Act 2022, mandatory information standards will be introduced in a staged process. NHS England will consider the case for developing a mandatory AIS standard, and the timing for this, along with the other existing standards.
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, if he will take steps to ensure that the NHS Accessible Information Standard is (a) prioritised and (b) fully implemented.
Answered by Stephen Kinnock - Minister of State (Department of Health and Social Care)
The revised Accessible Information Standard (AIS) was published on 1 July, and is available at the following link:
https://www.england.nhs.uk/accessible-information-standard/
NHS England is working to support implementation of the AIS with awareness raising, communication and engagement, and a review of the current e-learning modules on the AIS. The intention is to ensure that staff and organisations in the National Health Service are aware of the AIS and the importance of meeting the information and communication needs of disabled people using services.
Since 2016, all NHS organisations and publicly funded social care providers are expected to meet the AIS, which details the recommended approach to supporting the information and communication support needs of patients and carers with a disability, impairment, or sensory loss.
The responsibility for monitoring compliance with the AIS sits with the commissioner of the service.
The revised standard requires those staff in relevant communication and information roles to be adequately trained. The AIS conformance criteria, published in 2016 and updated in June 2025, set out how organisations should comply with the AIS. NHS England is leading a system wide review of mandatory training which will include a new governance framework and a table of statutory obligations as well as a new competency framework setting out all nationally mandated subjects and learning outcomes.
Following the commencement of regulations made under the Health and Care Act 2022, mandatory information standards will be introduced in a staged process. NHS England will consider the case for developing a mandatory AIS standard, and the timing for this, along with the other existing standards.
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, if he will take steps to make (a) the NHS Accessible Information Standard and (b) deaf awareness training mandatory for NHS staff.
Answered by Stephen Kinnock - Minister of State (Department of Health and Social Care)
The revised Accessible Information Standard (AIS) was published on 1 July, and is available at the following link:
https://www.england.nhs.uk/accessible-information-standard/
NHS England is working to support implementation of the AIS with awareness raising, communication and engagement, and a review of the current e-learning modules on the AIS. The intention is to ensure that staff and organisations in the National Health Service are aware of the AIS and the importance of meeting the information and communication needs of disabled people using services.
Since 2016, all NHS organisations and publicly funded social care providers are expected to meet the AIS, which details the recommended approach to supporting the information and communication support needs of patients and carers with a disability, impairment, or sensory loss.
The responsibility for monitoring compliance with the AIS sits with the commissioner of the service.
The revised standard requires those staff in relevant communication and information roles to be adequately trained. The AIS conformance criteria, published in 2016 and updated in June 2025, set out how organisations should comply with the AIS. NHS England is leading a system wide review of mandatory training which will include a new governance framework and a table of statutory obligations as well as a new competency framework setting out all nationally mandated subjects and learning outcomes.
Following the commencement of regulations made under the Health and Care Act 2022, mandatory information standards will be introduced in a staged process. NHS England will consider the case for developing a mandatory AIS standard, and the timing for this, along with the other existing standards.
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, whether his Department has considered mandating UK-based technology providers for the management of NHS data.
Answered by Karin Smyth - Minister of State (Department of Health and Social Care)
In accordance with United Kingdom procurement law, legally established and eligible suppliers cannot be excluded from bidding in a procurement to deliver a contract. Contracts may specify arrangements for how and where data can be stored.
The Procurement Act 2023 has introduced a power for the Government to exclude suppliers from public sector contracts if they pose a national security risk.
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what steps he has taken to ensure that NHS data handled by Palantir Technologies cannot be accessed or processed by non-UK government entities.
Answered by Karin Smyth - Minister of State (Department of Health and Social Care)
The NHS Federated Data Platform (FDP) has been designed with stringent safeguards to ensure that patient data is protected in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Access to National Health Service health and social care data within the FDP is tightly controlled. Only authorised users are granted access, and solely for approved purposes that demonstrably benefit patient care or NHS operations. Palantir Technologies, as the software provider, operates strictly under the instruction of NHS England. They do not control the data, nor are they permitted to access, use, or share it for any independent purpose. To further strengthen data protection, the FDP incorporates advanced Privacy Enhancing Technology (NHS-PET), which has been procured from a separate supplier to ensure independence and to mitigate any potential conflicts of interest. This technology ensures that data is processed in a secure and privacy-preserving manner. The contract with Palantir Technologies includes robust confidentiality clauses and is governed by a comprehensive oversight framework. This framework includes regular audits, monitoring, and reporting to ensure compliance with legal and ethical standards. Data Protection Impact Assessments have been conducted to assess and mitigate any risks to individual rights and freedoms.
It is a contractual requirement that personal data stored in the FDP and NHS-PET cannot be accessed by its provider’s personnel or contractors based outside the United Kingdom. In accordance with GDPR principles of transparency and accountability, NHS England has published details which outline how data is protected, who can access it, and under what conditions. Further information is available at the following link:
These measures collectively ensure that NHS data remains under UK jurisdiction and all processing of patient information will be within the UK only. This is a contractual requirement, and one of the key principles of the FDP Information Governance Framework. Data cannot be accessed or processed by non-UK government entities.
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, whether his Department has consulted UK defence and intelligence agencies on awarding NHS data platform contracts to foreign-owned companies with defence-sector operations.
Answered by Karin Smyth - Minister of State (Department of Health and Social Care)
NHS England conducted an independent and transparent procurement exercise in full compliance with public contract regulations. The selection of the preferred supplier was not determined by a single individual but was the result of a rigorous assessment process involving multiple stakeholders.
Consulting the United Kingdom’s defence and intelligence agencies before awarding data contracts is not a usual part of NHS England’s procurement process. NHS England did work with the National Cyber Security Centre for this procurement.
In accordance with procurement regulations, NHS England cannot exclude any legally established and eligible supplier from participating in the bidding process.
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what assessment he has made of the security implications of awarding NHS data management contracts to (a) Palantir Technologies Inc. and (b) other companies with significant overseas (i) defence and (ii) intelligence clients.
Answered by Karin Smyth - Minister of State (Department of Health and Social Care)
In awarding the contract for the NHS Federated Data Platform (FDP), NHS England made an assessment of the cyber risk and the protections offered by each bidder. The FDP has extensive security arrangements in place to manage cyber risk, including:
It is a contractual requirement that personal data stored in the FDP and its associated services (FDP-AS), including the NHS-Privacy Enhancing Technology, cannot be accessed by the provider’s own personnel or contractors from outside the United Kingdom. The FDP-AS contract stipulates that all data must be held within the UK and is subject to UK Data Protection Law, including the UK General Data Protection Regulation.
All FDP data processes and systems need to comply with the Technology Code of Practice, Government Data Standards, the Department’s Guide to good practice for digital and data-driven health technologies, the Data Protection Act 2018, and the UK General Data Protection Regulation, the Information Commissioner's Office’s guidance, and associated regulations, standards, and guidance.
The contract was awarded in conformance with public sector procurement law, as required. The National Health Service ran an independent procurement exercise. The choice of preferred supplier was not made by a single person, as it was the result of assessment by many different individuals. NHS England has a duty to treat all suppliers the same regardless of the public perception of any organisation, or the opinions held by any of their shareholders.
NHS England cannot exclude any supplier that is lawfully established and able to bid from participating in the procurement. The procurement process received external validation from multiple Government departments, as well as independent evaluations by Infrastructure and Projects Authority reviewers. There were no identified security concerns in relation to the contract awarded for the NHS FDP.
The Procurement Act 2023 has introduced new powers to exclude and debar suppliers from public sector contracts if they pose a national security risk. Cabinet Office has established the new National Security Unit for Procurement, which is responsible for investigating suppliers on national security grounds, both within the Government supply chain and for the wider public sector.
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what due diligence steps his Department takes to assess national security risks before awarding public health data contracts to firms with links to (a) foreign intelligence or (b) military operations.
Answered by Karin Smyth - Minister of State (Department of Health and Social Care)
In awarding the contract for the NHS Federated Data Platform (FDP), NHS England made an assessment of the cyber risk and the protections offered by each bidder. The FDP has extensive security arrangements in place to manage cyber risk, including:
It is a contractual requirement that personal data stored in the FDP and its associated services (FDP-AS), including the NHS-Privacy Enhancing Technology, cannot be accessed by the provider’s own personnel or contractors from outside the United Kingdom. The FDP-AS contract stipulates that all data must be held within the UK and is subject to UK Data Protection Law, including the UK General Data Protection Regulation.
All FDP data processes and systems need to comply with the Technology Code of Practice, Government Data Standards, the Department’s Guide to good practice for digital and data-driven health technologies, the Data Protection Act 2018, and the UK General Data Protection Regulation, the Information Commissioner's Office’s guidance, and associated regulations, standards, and guidance.
The contract was awarded in conformance with public sector procurement law, as required. The National Health Service ran an independent procurement exercise. The choice of preferred supplier was not made by a single person, as it was the result of assessment by many different individuals. NHS England has a duty to treat all suppliers the same regardless of the public perception of any organisation, or the opinions held by any of their shareholders.
NHS England cannot exclude any supplier that is lawfully established and able to bid from participating in the procurement. The procurement process received external validation from multiple Government departments, as well as independent evaluations by Infrastructure and Projects Authority reviewers. There were no identified security concerns in relation to the contract awarded for the NHS FDP.
The Procurement Act 2023 has introduced new powers to exclude and debar suppliers from public sector contracts if they pose a national security risk. Cabinet Office has established the new National Security Unit for Procurement, which is responsible for investigating suppliers on national security grounds, both within the Government supply chain and for the wider public sector.
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, whether contracts awarded to Palantir Technologies Inc. for NHS data infrastructure permit cross-border data sharing without UK regulatory approval.
Answered by Karin Smyth - Minister of State (Department of Health and Social Care)
In awarding the contract for the NHS Federated Data Platform (FDP), NHS England made an assessment of the cyber risk and the protections offered by each bidder. The FDP has extensive security arrangements in place to manage cyber risk, including:
It is a contractual requirement that personal data stored in the FDP and its associated services (FDP-AS), including the NHS-Privacy Enhancing Technology, cannot be accessed by the provider’s own personnel or contractors from outside the United Kingdom. The FDP-AS contract stipulates that all data must be held within the UK and is subject to UK Data Protection Law, including the UK General Data Protection Regulation.
All FDP data processes and systems need to comply with the Technology Code of Practice, Government Data Standards, the Department’s Guide to good practice for digital and data-driven health technologies, the Data Protection Act 2018, and the UK General Data Protection Regulation, the Information Commissioner's Office’s guidance, and associated regulations, standards, and guidance.
The contract was awarded in conformance with public sector procurement law, as required. The National Health Service ran an independent procurement exercise. The choice of preferred supplier was not made by a single person, as it was the result of assessment by many different individuals. NHS England has a duty to treat all suppliers the same regardless of the public perception of any organisation, or the opinions held by any of their shareholders.
NHS England cannot exclude any supplier that is lawfully established and able to bid from participating in the procurement. The procurement process received external validation from multiple Government departments, as well as independent evaluations by Infrastructure and Projects Authority reviewers. There were no identified security concerns in relation to the contract awarded for the NHS FDP.
The Procurement Act 2023 has introduced new powers to exclude and debar suppliers from public sector contracts if they pose a national security risk. Cabinet Office has established the new National Security Unit for Procurement, which is responsible for investigating suppliers on national security grounds, both within the Government supply chain and for the wider public sector.