Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, what safeguards are in place to ensure that data accessed or processed through the NHS Federated Data Platform cannot be repurposed, now or in the future, for immigration enforcement or other non‑health-related functions, including by third-party contractors or their overseas affiliates.

Data held within the NHS Federated Data Platform (FDP) remains under the full control of the National Health Service at all times. The supplier does not control NHS data and is not permitted to access, use, or share data for its own purposes.

The supplier cannot view NHS data unless explicitly authorised by an NHS Data Controller. The supplier acts solely on the instruction of the NHS when processing data on the platform. The FDP and Associated Services contract includes strict confidentiality requirements, supported by governance arrangements to oversee delivery and the use of the platform.

It is a contractual requirement that data held within the NHS FDP cannot be accessed by supplier staff or contractors located outside the United Kingdom. These arrangements ensure that NHS data remains under UK jurisdiction and that all data processing takes place within the UK.

In line with the General Data Protection Regulation principles of transparency and accountability, NHS England has published information within the FDP Information Governance Framework. Data held within the FDP cannot be accessed or processed by non‑UK Government entities.

There are no products within the NHS FDP that hold immigration status or residency status. Immigration or residency data does not form part of NHS England data collections, nor does it form part of an individual’s health record.