(Bloomberg) -- A deal between the UK’s National Health Service and Palantir Technologies Inc. has drawn legal threats from UK-based doctor and patient advocacy groups who are demanding more clarity on how the health service plans to comply with data-protection law.

The Doctors’ Association UK, National Pensioners’ Convention and Just Treatment have, with the help of nonprofit activist law firm Foxglove, called on NHS England to disclose how data moved into Palantir’s Foundry software platform will be safeguarded. They’ve also asked for information about what, if any, patient consent mechanism will be put in place as part of the “Fast Data Flows” pilot. 

The advocacy groups also want to know how the pilot impacts the planned procurement process for a £360 million ($432 million) NHS data contract that many believe Palantir is likely to win.

“Our clients are hampered by a lack of clear information regarding the pilot, its origin, purpose and -- importantly -- its safeguards,” Foxglove lawyer Rosa Curling said in a letter sent to NHS bosses on Monday. She added that the pilot “appears to constitute a significant transfer of sensitive health data from acute trusts into Palantir’s Foundry system without patient consent, consultation, or transparency.”

An NHS spokesperson declined to comment on Foxglove’s letter, and said the project is covered by an existing contract for data collection that was set up during the Covid-19 pandemic. Streamlining data collection will help the health service “better plan and allocate resources to maximize outcomes for patients, whilst ensuring that data control remains with the NHS,” he said. 

Palantir spokesman Ben Mascall said that the company was “happy to meet with Foxglove or anyone else to explain how our software can help save lives and deliver better health outcomes while ensuring data privacy and security.” 

“We’re proud of our work to date with the NHS,” which includes software that supported the Covid-19 vaccine rollout, he said. The company’s software also helped manage waiting lists at hospitals in Chelsea and Westminster, which saw a 28% reduction in its backlog, Mascall said.  

According to a description of the pilot included in an NHS Digital board agenda, dated Nov. 1, patient data would be anonymized, according to the Information Commissioner’s Office guidelines. The data, therefore, wouldn’t require an opt-out mechanism. 

The agenda also states that working with Palantir is “likely to be perceived by some privacy campaigners as contentious and therefore there is a relatively high risk of media coverage and adverse comment about this,” and that NHS England’s media team should be prepared.

Working with Palantir is “likely to be perceived by some privacy campaigners as contentious and therefore there is a relatively high risk of media coverage and adverse comment about this.” 

- NHS Digital

Read more: Palantir Had Plan to Crack UK Health System: ‘Buying Our Way In’

The “Fast Data Flows” pilot will collect data about admission, discharge and outpatient activity including patients’ NHS numbers, date of birth and post code daily -- instead of weekly or annually -- to help managers make better decisions about resource allocation at a time when patient backlogs for treatment are at record highs. NHS Trusts will have access to dashboards of aggregated data, but won’t be able to access or download any individual patient data. 

The development and launch plans are already in process, according to the NHS Digital agenda.

The letter called on NHS England to provide a detailed explanation of the pilot, including how patient data will be processed and pseudonimized, in order to determine whether data-protection laws, which require consent to process and transfer such data, are being breached. It also asked NHS England to publish a data protection impact assessment and explain how the pilot was authorized without a “full and legal procurement process.”

“Every patient has the right to a say about who sees their health record,” said Cori Crider, director of Foxglove. “But through woolly misuse of terms like ‘pseudonymization,’ and pretending this is the same as anonymous data when it isn’t, the government is claiming they don’t have to honor people’s opt-outs. That’s wrong.” 

(Updates with NHS and Palantir’s comments from the fifth paragraph)

©2022 Bloomberg L.P.