Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, pursuant to the Answer of 1 July 2025 to Question 60619, from what date external contractors have been granted elevated or admin-level access to identifiable patient data within the Federated Data Platform, and for how long such permissions have been in operation prior to their public reporting.

Administrative access arrangements for contracted suppliers have been in place as part of the implementation and ongoing operation of the NHS Federated Data Platform (NHS FDP), as part of the controlled processes required to configure, operate, and maintain the system safely and effectively.

These access arrangements are not a new development and form part of the platform’s established operational and security model. A very small number of authorised supplier personnel may be granted controlled administrative access where strictly necessary, working under the instruction of NHS England, to deliver defined platform functions, such as system administration, maintenance, and resilience. These administrative roles are designed to support system configuration, maintenance, and operation, and do not provide unrestricted or routine access to identifiable patient data.

Such access has been consistently governed by contractual requirements, information governance controls, and Data Protection Impact Assessments, including those published in relation to the NHS FDP and the National Data Integration Tenant.

There has been no period in which these arrangements have operated outside of the applicable governance, contractual, and legal frameworks. They have been subject to ongoing audit, monitoring, and oversight in line with NHS England’s information governance and security standards.