Question to the Department of Health and Social Care:

To ask Her Majesty's Government, further to the Written Answer by Lord Kamall on 20 April (HL7747), whether the "Immunisation and Vaccination Management Capability" includes non-COVID vaccinations such as influenza; what is the legal basis for that capability; and what are the legal bases for the processing by Palantir of (1) individual-level, (2) identifiable, and (3) named, patient data for the "Trust Care Coordination Solution".

The Immunisation and Vaccination Management Capability includes non-COVID-19 vaccinations, such as influenza and is compliant with the UK General Data Protection Regulation (UK GDPR), specifically in the category of “provision of health and social care” and “public interest in the area of public health”. The Capability does not process patient-identifiable data.

National Health Service trusts using the Trust Care Co-ordination Solution remain the controllers of patient data and appoint processors such as Palantir to undertake processing tasks at its direction or on its behalf. The Solution directly supports patient care delivered by NHS trusts under the UK GDPR as the processing of “public task/official authority”