Category Archives: News

Ministers choose silence on coverups and data abuses by Ghouls and Creeps

The Single Patient Record from Palantir was debated in Parliament on Monday, 1st June – we’ve covered what was said in another piece. Here we focus on what was deliberately ignored by the civil servants who wrote the briefings, and by the Ministers who reviewed them and read them out.

Victims of terrorism in Nottingham had their records accessed by hospital staff who had no reason to look. The hospital didn’t check until diligent work by the victims’ families forced an investigation – and then the hospital covered it up until more work by the families forced the hospital to start to come clean. It still hasn’t completely done so.

Victims of terrorism in Southport had their records accessed by hospital staff who had no reason to look. The hospital covered it up until journalists found the paperwork. Only then did the hospital tell the victims, just before the journalists published – which was after the Public Inquiry was over. (The hospital didn’t tell the Inquiry either.)

As HSJ puts it: “When is a cover-up not a cover-up?” Apparently it’s “When the decision to keep something quiet is based on clinical advice” – and almost anything can be supported by clinical advice.

Creepy single doctors look up the medical notes of the women they go on dates with. 

An MP mentioned that a woman’s maternity records were accessed after she started campaigning for better maternity care.

A stalker working at a hospital looked at the GP notes of their victim.

This behaviour is endemic. It is normalised. It is abusive. And it is covered up in the hope that patients won’t find out – a cover-up that normally works.

It may be wrong, but it’s entirely rational for a hospital to hide the abusive actions of their staff – the only thing that will stop such abuses is for patients to see when and where their records were accessed. Because then there can be no cover-up. Staff creep because they think they’ll get away with it, and because their institution will most likely cover it up even if they get caught. 

The Single Patient Record will give complete access to everyone’s entire medical history – prescriptions, notes, locations, and DNA – readable wherever the NHS logo is seen; not just by doctors, but by all those who work there.

The National Data Guardian has also just disclosed that she was told that “access to identifiable patient information would be limited to NHS staff with a legitimate need. However, since then, recent media reporting, and subsequent confirmation from the programme team, indicate that some external contractor staff also have access to identifiable patient information”. The Department of Health in England misleading the Guardian of patient data about what they’re doing undermines all the arguments made about how the Department will protect the Single Patient Record.

The new Health Secretary 

James Murray was appointed Secretary of State in early May. How many times were his medical notes read in the next few days? Does he really believe the number was zero? Does he have a way to know? If he does, why is that not available to all patients? 

Wes Streeting said in debate:

“Some will say that there is a contradiction: that centralising accountability and giving patients more control over their own data pull in opposite directions. But that is precisely the point. For too long, power in the NHS has sat in a no man’s land—an accountability sink, too distant from patients and citizens to be meaningful and just far enough away from Ministers that there is plausible deniability when things go wrong. The Bill takes back power in order to give it away: accountability for Ministers where it belongs, and power for the patient where it belongs, too.

The Government must face down powerful producer interests on patient data. Our health data is precious. Two things matter above all else: that our data is held securely and that it is used ethically. However, the single patient record is one of the most important reforms of the NHS for decades. It is frankly unsafe, as well as absurd, that patients are still being asked to repeat their medical history every time they access a different service. We also have to take on the producer interest of those who think patient data belongs to them rather than to patients. Our health, our data, our NHS—patients should control who can access their data, and they should control their own data.”

That may be what he thought his Bill did – it’s certainly what he said it does – even if he did refer to it as the “NHS Modernisation Bill”, which it isn’t.

However, the Department beneath him was using the SPR and related changes to remove choice from patients and use their data however the Department of Health decides it can. 

Mr Streeting complains it is “producer interests” who want control, because his Department never included in a briefing their assumption that the Department should take control away from patients and keep it for themselves. Mr Streeting is very aware that no Secretary of State continues forever (at least now he is) and that what he says currently has no more weight than the statements of any of the other MPs that Ministers just ignored.

The Department of Health and Ministers are in denial of the scope of abuses

As HSJ described, the institutional response is to say “clinical advice” and to cover up the access – institutions covering up for creepy staff in their institutions. When DH appoints their new “Director of Privacy and Information Governance”, Jimmy Savile would fit right in.

Many accesses are legitimate, some are not – and the only person who’ll know whether an access was legitimate or creepy is the patient. And ‘Information Governance’ is used as an excuse not to tell patients.

No computer can know why you walked into A&E. It can make a guess based on what you tell the doctor and what’s happened before, and sometimes that guess will be right. But sometimes isn’t good enough.

For a patient with sickle cell disease and nothing else, walking into A&E and asking for morphine is a thing you can do. Straightforward cases are already straightforward.

Does the fact that you got hit by a bus this morning relate to the fact that you’re depressed and have previously had self-harm ideation? A month ago? A decade ago? When does the line get drawn? “Clinical advice” will be that it should always be included because it could at any time be relevant. If you tell your doctor something once, will it become something that is flagged at the top of your summary forever? Is everything that ever appears in a transcript of a consultation suitable for consideration in the summary? Unless the summary is perfect, and even if it is, a doctor is still going to ask a patient why they’re there.

When Ministers say they’re doing what people want, are they sure that the details have been accurately presented to people? And if so, why does the Bill provide no meaningful choice for patients about whether they have this?

It is up to the new Health Secretary (or Parliament)

Given all the news about abuses of patients’ records – current cases being only the latest in a long history of examples – why did Ministers not commit to protecting patients’ information beyond platitudes that are demonstrably insufficient? If the summaries are rich and detailed enough to be perfect in every consultation, they will get used for other things as well.

The new Health Secretary claimed he’ll hold steady and will follow the direction of his predecessor. That may be his intent, but the officials and institutions below him will try to water down the supposed safeguards – always claiming “clinical advice” – to make achieving their own aims easier. 

Without a clear commitment and legal obligations, the long history of creeping on medical records will get ever longer.

Parliament has the opportunity to do something about it.

===

Find out what happens next: Sign up for our newsletter (we don’t email often) or get small frequent updates via Substack — free to follow, and we are grateful to all those who can donate to help more of this work.

Second Reading of the Health Bill – enabling and empowering Ghouls and Creeps

The Health Bill was debated in the House of Commons

In his first debate in the House of Commons, the new Secretary of State for Health James Murray joined the side of the ghouls and creeps who read medical notes simply because they can. Nottingham victims, Southport victims, others all covered up, and Ministers said nothing beyond platitudes that it’ll all be fine, platitudes that DH officials working on the Bill are already breaking and undermining, deliberately and knowingly.

One MP said: “My constituent, whose family member was brutally murdered, is rightly horrified that victims’ NHS records were shared unlawfully online with NHS workers—she called it “repugnant voyeurism”, and she was right to do so. I hope the Minister will echo the apology of the trust and condemn that kind of behaviour.” Ministers did not echo the apology and did not condemn the behaviour; in fact, they propose to exacerbate it.

The Bill debate came straight after MPs debated the new guidance on who can/must have their genitalia checked in order to enter a toilet in a public building. MPs then moved seamlessly on to data sharing such that anyone in the NHS can access any data they feel they need, and it will come down to Ministers to decide what information must be shared, not patients. Indeed, there is no legislative basis for patient control over sharing at all.

SPR means choices being taken away

Layla Moran described a constituent “who described how repeatedly recounting traumatic experiences compounded her own suffering. The single patient record could be transformational for her and others who find recounting traumatic experiences difficult.”

Patients tell their story all too often, but equally they may not wish to share all information with all care providers – do all the staff in your local pharmacy have to see the notes on consequences of prostate surgery? Or see the reason that you have the prescriptions you do? Or the full detail of the “traumatic experiences” being shared – the NHS knows all of it, it recorded all of it, including all of the details that the patient wishes no one read about every time they walked in the door. Giving all the information to everyone is no better than giving it to no one if it’s not reliable. Your record will be fed to a Palantir AI and summarised by them. How relevant is the cause of a self-harm incident at 19? Or 14? What’s the risk-averse summary? Is every event ever mentioned in every transcript of a consultation includable in the summary?

Wes Streeting said in his speech: “Our health, our data, our NHS—patients should control who can access their data, and they should control their own data”. Yet the Bill Mr Streeting introduced does not do that. It’s what he says, but the Bill and his (former) Department do the opposite. Did Wes Streeting mislead the House on what he believes, or did his former Department just ignore him?

Promises keep getting broken

There were promises of safeguards to come – in secondary legislation that the Commons has no ability to amend. 

The clarion example is the Summary Care Record – which already does much of what the SPR is supposed to do. Prescriptions, notes, major details. The Summary Care Record already has an opt out, with a form in the pack of paperwork that you used to get when you registered with a GP. In 2024 NHS England forced GPs to accept online registrations, and low level officials in NHS England absolutely refused to ask patients whether they wanted such a record. Instead this is the text that is shown to patients who might want to opt out – more punishment paperwork because patients want to express a choice. This is the Digital NHS in practice – digital only if you do what Officials want to make easy.

Choices get watered down in the process.

Unless the SPR has a clear statutory opt out, DH officials will water it down at every opportunity, as is currently happening yet again with the National Data Opt Out reform process – where what Wes Streeting said was outright refused by his officials. 

Former Minister Dr Ahmed argued data “must be used for the benefit of patients” and it seems DH believes that is for DH alone to decide, not patients.

Secret?

The House was told that the system will be “Critical National Infrastructure”, but that does not protect any of the data in it from those who can use it.

Government classifies some of its plans for the SPR so that MPs and the public don’t know anything about them until the Bill has passed – will the consolidated single patient record be covered by the Official Secrets Act, so that abusing it to creep on neighbours, campaigners and victims of terrorism will be something Whitehall cares about? 

Unlikely, because DH officials are making the policy guess that in return for the NHS staff being allowed to keep creeping on victims, they’ll get to use the data however they want too.

In practice, it would be entirely in line with what Ministers have said that patient data be accessible to anyone without sanction, but the audit trail could be classified so no patient can ever see it.

We’ll have more on the SPR and the Bill debate shortly


A quick look at the proposed English NHS Online Hospital

The reasoning behind the Single Palantir Record is incomplete without considering the National Online Hospital. The NOH is entirely missing from the Health Bill, but is a key part of the 10 Year Plan.

The initial argument for the National Online Hospital is that simple cases, check-ins and monitoring can be done via the App at home by a virtual team of doctors (and eventually AIs) who you don’t need to meet with unless you actually want to. That consultation meeting could have been a text message…

Government may respond today, at Second Reading of the Health Bill, about the ghouls and creeps who abuse hospital (and GP) records – most notably, and recently, those of Southport and Nottingham victims – abuse that was deliberately covered up.

A light touch option for light touch cases? Or for all cases?

If your blood pressure is normal and you do your own readings, there’s no need to go to the clinic for that unless you want to – or if a medic spots something is up.

For some conditions, that’s entirely reasonable and it’s what some patients want. 

Indeed, the first nine specialties being addressed by the National Online Hospital all fall into the ‘measurable at home’ bucket – or where many patients report they fall between different silos of the NHS, where remote specialism care might create a better option with no risk of a postcode lottery.

Even if what you end up needing is a blood test or a physical scan of some kind, the online hospital will book you in to wherever is most convenient to you to have it done: your local Community Diagnostics Centre, hospital, or GP.

Care can be prioritised, but it can also be deprioritised – and decisions about new care pathways are being politicised (e.g. ADHD, trans care) which is only possible at national scale. The consequences of national decision making on General Practice will be bad for your local GP, even if it makes DH feel good. 

Also, dealt with from a distance, the overriding imperatives will be about counting patients and showing that process was followed, rather than actually giving individuals the good care that they want.

The Online Hospital will have to keep records

To make this work, there needs to be a universally visible and accessible patient record – maybe on a Data Platform which is “Federated” across the NHS? Enter the Single Palantir Record.

The NOH is starting with low-hanging fruit where there’s clear desire and patient benefit for the new operating model – which will be highly dependent upon the provider of the EPR to make it work, and to design the pathways. Enter Palantir.

There are many reasons to do a National Online Hospital, as well as Community Diagnostic Centres, but when you put them together in this way, the logic becomes clear.

By definition, the Electronic Patient Record for the new NHS Online Hospital will be the Single Palantir Record, because that’s what DH has decided the SPR is for. Arguing that the NOH should have its own different EPR would undermine the reasoning for both the National Online Hospital and a Single Palantir Record. 

Over time, DH will then argue that having a Single Patient Record with everything in it as well as a separate GP record is duplicative – and so the core funding for GP record systems will be cut off, as DH refuses to pay for the duplicate service. (If GPs want to maintain their own systems, they’ll have to pay for them.)

The NHS has to figure out how to deliver care when the Secretary of State may meddle in every minor structural decision they take. When they’re sure the new Hospital is good, they’ll give it the Royal imprint. But not yet.

===


medConfidential Bulletin, 22nd May 2026

Hello again! It’s been a busy few months since our last Bulletin, and with so much noise in the news we wanted to send an update.

What just happened – Streeting is gone

Mr Streeting, protégé of Peter Mandelson, admirer of Palantir, is now the former Secretary of State for Health. Yay! That doesn’t mean tomorrow will necessarily be better, but it does mean that patient views – and rational, coherent argument underpinned by evidence – stand a better chance of affecting decision making, rather than the main factor being the effect on a bid to get into Number 10.

You may have seen that UK Biobank has been in the news several times over the last few months. They made a series of promises to their members, and to the NHS, and then failed to keep them. They also loudly advocated for the “pandemic only” GP dataset to be used for anything the Secretary of State decides he wants to do with the data. Mr Streeting decided he liked that idea, and in February he tore up the pandemic-only promise.

Mr Streeting’s last act in office was to lay his Health Bill in Parliament. The Bill proposes that you must have his Single Patient Record in Palantir (aka Single Palantir Record) and that politicians will decide how it is then used – any protections you and your data receive being in the gift of the politicians of the day. 

Hmm. How’d that go for the pandemic dataset?

Current chatter in the corridors of Government suggests you’ll have fewer choices about how your and your family’s medical information is used than you’ve had for the Summary Care Record for the last two decades.

What’s next – more talk, not change

Your opt out works today as it always has, but Mr Streeting has announced it will be less effective after his Bill comes into effect. 

That won’t happen immediately, so you still have time to act – but Mr Streeting wants it to be this year. (And he’s quit to have a run at PM, so who knows what will happen…)

www.medConfidential.org/how-to-opt-out 

Labour may speedrun the lessons of the 2006-2010 Summary Care Record roll out, where you finally got a choice – either at GP registration time, or later. NHSE has worked for over a decade to walk this back, just in time for a previous Labour health secretary to reappear on the national scene. Hello again Andy, my old chum!

What you can do

Nothing has changed yet. Your choices are still there today, but the new Secretary of State may follow through on the threats of his predecessor and take away your ability to opt out in future. Before that, a day may come when the opt out will do less than it does today. 

Politicians may also make you opt out again, because they dislike that you did so already.

The rules and standards around access to the Single Patient Palantir Record, as with the Federated Data Platform on which it’ll be built, will be whatever the Secretary of State wants. 

You may wish to write to your MP – the Bill applies UK-wide, not just in England – pointing out that the Health Bill they may vote for will impose a Single Palantir Record on every single one of their constituents, whether they want one or not. (You may also wish to point out that while most people are currently unaware of that fact, MPs cannot rely on no-one finding out.)

We’ll be here.

Phil Booth & Sam Smith
22nd May 2026

coordinator@medConfidential.org 

If you want to hear from us more frequently than our irregular bulletins – they’ll probably be a bit more frequent this year while the Health Bill flounders around – you can join our free Substack, which sends you an email whenever we post something to our website.

P.S. medConfidential currently has zero grants to support our work, so we appreciate every small donation.

Wes Streeting’s final Bill

One day it was named the NHS Modernisation Bill; the next it was published as the Health Bill, with this funny line in Hansard: “Secretary Wes Streeting, supported by the Prime Minister”… oh.

Clause 1 is wonderful: “NHS England is abolished”, but they didn’t stop there.

Below is a short and more technical than normal summary. We’ll go through things a bit more slowly over time (added 28/5: we have some draft amendments for now).

The public engagement process on data has been so distorted by NHS England (which is also being abolished by the Bill) that the purposes that least concern the public will have the most opt outs applied (bona fide academic research), yet the purposes that most concern the public are likely to have no opt outs applied (privatisation, commercialisation, and Government uses).

In Parliament, MPs can vote against the programme motion to give more time for assessment and discussion – none of that happened before the Bill was published. Voting down the programme motion is to wait for Andy Burnham to reassess this process, and do the work Mr Streeting never did.

There is no obligation in the Bill for all uses of NHS data to be consensual, safe, or transparent – indeed, many of the provisions allow the opposite.

The main announcement is that you will have a Single Palantir Record containing all of your medical notes, all your prescriptions, and your DNA sequence – all controlled by a politician, accessible and sold to whoever he sees fit. This wasn’t in the briefing Wes gave to make his plans sound good, but if the SPR regulations are unchanged, your GP opt out will be wiped away so he can sell your data.

To those who think going private will help them, there are powers to demand data from regulated private entities in a range of circumstances – which will become a chew toy of the Secretary of State. Registered medical professionals will be told they are unfit to practise if they don’t use the Single Palantir Record, and if they do use it they’ll be forced to write your private health details back into it.

Andy Burnham’s Greater Manchester NHS has repeatedly shown how FDP would be a step backwards for them – and this is Wes Streeting using his last vestige of political power (for now) to take a system that works for others, and replace it with a product whose supplier paid his mentor. 

Any good intentions are obscured by the power grab and the complete lack of protections for patients. Indeed, there are more protections in this Bill for the ‘Federated Data Platform’ (i.e. Palantir) to burrow deeper into the NHS than there are protections for the patients’ data within it. How very Wes Streeting, who, when introducing the Bill, knew he wouldn’t be the one to wield those powers himself.

Your medical notes, prescriptions, and DNA will be used however a politician decides; you’ll have no say and no choice. 

Line 20 on page 100 is the key: it says the NHS must do whatever politicians decide, with any medical records they have anywhere. The Secretary of State for Health can take any data (s)he chooses and punish those who complain or push back. Patients will have no rights and no choice. [added 28/5:] For clarity: that clause largely continues existing weak limits on what the NHS does about publication – any “sharing” or “access” that is not “publication” is entirely outside of the scope of that clause.

The Bill also strips away all of the existing statutory processes, and forces all current data flows to happen through the Single Palantir Record. The usual requirement of adulthood for social care uses of data is missing – this also applies to vulnerable children. It’s a very Peter Mandelson Bill.

Clauses 47-57 are all about Data. You will have a Single Palantir Record, and you will not have a choice about your data being in the (former) NHS England data platform, known as the Federated Data Platform, that is provided by Palantir. 

  • The test to be met for the Secretary of State to take a copy of your medical notes is if it is “expedient”, or when “the Secretary of State considers that disclosing the information is a proportionate means of achieving a legitimate aim” [Schedule 7 clause 11 (261) (2) (g) & (j)] 
  • Secretary of State will collect all data he wishes about you, and share it as he wishes, and only Secretary of State’s views matter [Schedule 7 clause 5, plus Sch 7 cl 6-10]
  • You may choose not to look at your Single Palantir Record [Sec State can’t make you]
  • You may choose not to look at who in the British Isles has accessed your Single Palantir Record, to the extent that Secretary of State chooses to show you (there’s no punishment if they creep on you) [cl 250E(5)]
  • You shall have a Single Patient Record, and you shall have no opt out [none in the Bill]
  • Your Record will be updated how the Secretary of State or someone else decides. [cl 49(3) & 49(4)]
  • When you talk to one part of the health and care system, the Single Palantir Record will reach into your notes and records at other providers you receive care from, and rewrite those records [page 7 of the impact assessment]
  • Your ability to opt out of research appears to be taken away [Sch7 cl 11(261)(2)(d)]
  • Commercial users are fine, and you’ll have no choice about that either [cl 48(5)(7)(a)]
  • Read and write access reaches “anywhere in the British Islands;” [cl 47(2)205E(c)(ii), also cl 50 & 52]
  • And if your doctors don’t like this, they’ll be fined or punished by regulators [cl 47(2)205E (2)(d), 250F]
  • The “British Islands” reach also applies to research, so a corrupt cartel outside of England – hence outside England-only enforcement powers – can resell any/all of the data placed in Palantir (i.e. every English patient’s data) under the custom rules of a “British Island” but off-shore tax haven. England also takes over a lot of decision making about anything on the platform, overriding devolution by simply not caring about others’ views and making it a ‘take it or leave it’ offer [53-56]
  • All duties of confidence relating to your records are set aside for whatever purposes the Secretary of State decides [“may” in cl 47(2)250E(3) vs 250E(4) & (5)]
  • There should be rules against abuse, but there’s no legal basis for any punishment [cl 47 (2)250E(2)(5)]
  • All of the existing data flows around the NHS shall be merged into the Single Palantir Record powers above, as has already begun under ‘faster data flows’ [cl 49(3)251ZF & cl 49(4)277G]
  • The Bill extends the scope of NHS data, but does not expand the remit of the National Data Guardian to match. There will be no Guardian with remit over the expansions. {line added 16/5}

Clause 47(2) covers all health and social care – including both adult and children’s social care, despite children’s social care not being a function of the Department of Health. (We assume the Department for Education will have something to say about this.)

Sharing data across government (or beyond) would be covered by it being either “expedient” or a “proportionate means of achieving a legitimate aim” – the lowest of low bars. This is the sort of test that Peter Mandelson and Tony Blair would love.

References to “the British Islands” are weird. This means that data about English patients can be processed in Scotland under Scottish rules – which is an entirely different mess, which we’ll pick up again soon – and the entire Bill ‘goes GB’; it’s UK-wide, with hooks for Northern Ireland too. The so-called “Secure Data Environments” in England are trying to harmonise themselves so that decisions by one are binding upon them all, but now data can flow over the border and into UK Biobank-style messes enabled by Scotland on English-only data – not forgetting that HDRUK and UK Biobank share a culture. (The tax haven clauses suggest Mr Streeting was assuming his allies would have control in both Scotland and Wales after the recent elections – an assumption that couldn’t have been more wrong, and which undermines others of his recent actions.)

After this Bill passes – if it passes – then cancer care in the NHS will be limited to a false choice of either ‘all your DNA goes into Palantir’ or ‘you die, US style’. Any promises made risk repeating the precedent of allowing UK Biobank to use “pandemic only” GP data however they cho(o)se, which meant it was all for sale in China and freely available on the internet. Any promises made in the next claim of emergency will get broken, and data once taken in an emergency will be retained – because Wes already decided that can happen.

At this point, and given the Bill was published to surprise everyone, the Bill as introduced is so blunt and far reaching that MPs should vote against the programme motion, to allow sufficient time for notification and responses from those bodies who will be obliged to comply with the Bill. 

Mr Streeting took lessons from his political mentor Mr Mandelson in trying to ram this through by imposition. The House of Commons can tell the new Secretary of State to take some more time. 

Because fixing this mess will take time.

Other clauses

medConfidential and others will pick up clauses 2-46 over time, which are most of Wes’s top-down reorganisation written into law – taking even more powers to himself. 

Clauses 4-7 of this Bill will throw Clauses 1 of the NHS Act 2006 into an utter mess. One of the many organisations jockeying for influence should convene a process to take all of the different clause 1 additions to NHSA 2006, and promise an amendment which leaves something coherent after this Bill – there are 4 clauses to play with, and it might turn chaos into some form of order… 

[added 28 May: there has been some (seemingly unpublished) suggestion that “SPR proposals move data sharing from local discretion towards national coordination” and that “The SPR is being introduced for direct care, but there is a need to future-proof wider use”. The Bill is explicitly not just for direct care, so wider use is already in scope, and supposed “national coordination” is local areas, including potentially areas outside of England, making decisions about national datasets of all patients in England.]

Bill work

medConfidential currently has zero funding for this work. Very few funders care about the NHS and protecting data – unless it’s reducing the protections, which is extremely profitable. Can you help?

medConfidential’s newsletter is infrequent – we won’t waste your precious time. We also have a free Substack for notifications when we post new information.

Streeting resigns

[if you are looking for opt out instructions, they’re on our how to opt out page]


medConfidential welcomes Wes Streeting’s realisation and admission that he cares more about himself than about NHS patients. Mr Streeting has yet again picked himself, as almost every decision he made in the last 2 years implied he would – the Biobank data scandals being just the latest example.

The forthcoming NHS Half-Measures Bill could be improved by putting on the face of the Bill measures to show patients how the NHS respects their choices on the reuse of their medical records; to see who has accessed their records, and from where; and to use transparency to protect everyone from the next protégé of Mr Mandelson who decides to put himself first.

The NHS Bill could have protected patient data at its announcement – it was a Ministerial decision that it doesn’t, and an amendment can change that.

We would welcome a new Secretary of State who will reassess such decisions, and others like them, unconstrained by their political mentor’s commercial choices.

(we’ll update as the replacement is announced)

Find out what happens next: Sign up for our newsletter (we don’t email often) or get small frequent updates via Substack — free to follow, and we are grateful to all those who can donate to help more of this work.

King’s Speech

We’ll have comments on the Single Palantir Record, the NHS Modernisation Bill, and the King’s Speech when we’ve seen the Bill.

That a now-resigned Minister announced an England-only scheme to solve a problem he had in… Glasgow (not in England!)… suggests that a Secretary of State, Mr Mandelson’s political protégé adding services to a customer of Mr Mandelson’s consultancy service, who doesn’t even want to have his current job when this Bill passes, might not have cared about all the details.

Will you be forced to have a Palantir Record, or will it be optional?

Will you be able to see who has accessed your notes, your prescriptions, and then your DNA?

Will those and other safeguards be on the face of the Bill, or will they be up to the whim of a Secretary of State on any given day?

[they’re not in the King’s Speech notes, so we might find out next week…]

Biobank’s (April) Breach in Context

You may have seen, well, all over the news, that Biobank has done the emperor’s new clothes thing after losing data nearly 200 times that were counted (plus more that were not)…

Biobank have lost control of the data

These failures show that Biobank volunteers’ data is ‘out in the wild’, as researchers implied last year, but Biobank did nothing about it.

Biobank itself doesn’t know who has got it and is being forced to resort to filing “take-down notices” on the various copies of (various amounts of) Biobank volunteers’ (medical and DNA/genomic) data that are popping up all over the place. Biobank aren’t very good at it.

Alibaba was just the latest incident, which Rory once again played down – both to the Biobank volunteers themselves, and to the British public. Biobank volunteers’ data should never have left Biobank’s (so-called) ‘Secure Data Environment’. Full stop. UK Biobank offered a download option from an environment they told their users was secure; this was after they told people they had ceased downloads. We’ve summarised the ongoing messes in various documents over the years.

“De-identified” health data is eminently re-identifiable, as The Guardian proved a few weeks ago. It is not ‘anonymous’ data – it is sensitive personal data.

Did Biobank volunteers sign up to having their data sold to eugenicists, insurers, shell companies registered in the office that (also) serve as fronts for QAnon conspiracies, TikTok’s holding company in the Cayman Islands, or sending their DNA and medical history to an undergraduate course in China?

How did the people on that undergraduate course get approval for access? Did Biobank simply give access to anyone who the university said was on the course? Does it have any way to know any of that? UK Biobank has defended itself by saying Yale had a previous failure that it was sanctioned for. If you look at the Biobank project list there is no obvious project which has been closed for breaking the rules, but there are many ongoing projects as if there was no problem at all. Any sanction must have been so minor there’s no public disclosure of any of it, but Rory decided to pick on them to save his job (or NHS England can publicly confirm contemporaneous reports of breaches).

Is this behaviour what the public and patients should expect from the new Health Data Research Service?

HDRUK and Biobank share a culture

This systemic, cultural problem does not only apply to Biobank… 

In their email to their participants, Biobank direct readers to this page which says protections are “within the ‘Five safes’ framework.” We know HDRUK and UK Biobank share a culture, which is to undermine the framework by reckless and unsafe changes.

Polly Toynbee might be happy to have her medical history and genome on the internet – that is her choice to give it to Biobank and her decision is informed by her close relationship with UK Biobank leadership who insist they never do anything wrong – but would the 499,999+ others make the same decision about their data and tissue and blood if Biobank had told them up front that “research” might include sending their data to all of these outfits? That Biobank knew their system allowed downloads, but didn’t want to talk about it because staff hoped no researcher would notice? Did they tell Polly that?

Biobank tells GPs that “Careful checks are in place to ensure confidentiality and data security” which clearly isn’t true. The same page has a GP quoted by Biobank saying: “With its internationally respected managed access model and robust data protection, UK Biobank ensures this enhanced resource will drive innovation responsibly”. It wasn’t true when Biobank published it in February, and isn’t true now.

UK Biobank has started talking publicly about another wave to their cohort, which is an opportunity to give all members the ability to give a fully informed consent to continue participating. (Or, if they don’t respond, to have their data flows stopped? Or will people still have to beg the Biobank call centre for the secret form to fill out and return to end their participation? What will they be told about this debacle?)

With Wes Streeting breaking ‘pandemic-only’ promises about uses of patients’ GP data (having been lobbied to do so by Biobank…) and with his intention to suck up everyone’s GP data into his ‘Single Palantir Record’, this is an issue that could (and will, if the government doesn’t stop steamrollering ahead) affect everyone in England.

Biobank insists that this time their catastrophes are different. We know how that always goes… 


The latest Biobank Screwup (April 2026)

Unsurprisingly, little has changed since the data was last lost in March, and the data is reidentifiable.

Today there was a ministerial statement in the House of Commons about a new breach (at noon exactly).

Biobank claim that the data is “deidentified” – all that means is that you can’t find someone you don’t know; if you know anything about someone, you can read off the rest of their health record.

A series of terrible decisions by Biobank’s outgoing leadership have all come together at once.

That UK Biobank have referred themselves to the Information Commissioner shows they know this was personal data. It was personal data.

Biobank told their funders, their members and others that they operated a secure data environment, while allowing their users to download whatever data they wanted.

Will the “Biobank Direction” be rescinded?

They lost a lot of data

“In its statement, Biobank said the type of data offered for sale included:

• Population characteristics such as gender, age, month and year of birth;

• Assessment centre data including attendance date, socioeconomic status, lifestyle habits, mental health, self-reported medical history, cognitive function and physical measures;

• Measures from biological samples including haematology, biochemistry, metabolomic and proteomic;

• Online questionnaire data on sleep, diet, work environment and mental health;

• Health outcomes data on ICD-coded diseases, cancer diagnosis date etc.”

(source)

There’s more in our next blog post.


Why the Biobank breaches matter to you

[This was written in March, before it emerged UK Biobank data was for sale on e-commerce sites]

The “pandemic-only” promise about uses of GP data has been torn up in favour of Biobank

The Guardian then found the full patient-level NHS hospital data given to UK Biobank about its volunteers had been posted to the internet on several occasions – with signs of hundreds of instances of rule breaking and smaller breaches. UK Biobank insists that the NHS hospital records of their cohort are not personal data, despite The Guardian being able to reidentify individuals’ full hospital histories from other information in the dataset.

Why does this matter if you’re not one of the half million people in Biobank? It matters to you because the data leaked by UK Biobank is the same linked, patient-level NHS hospital data that is routinely sold (in full or in part) to hundreds of other organisations. And, even if you have opted out, your data is usually included.
