US big data firm is using confidential UK coronavirus patient information to build 'COVID-19 datastore'

There are privacy concerns following the revelation that confidential data from UK coronavirus patients is being used by technology firms and government to build predictive computer models to help fight the pandemic.

US big data firm Palantir and UK AI startup Faculty are working together to put together what has been described as a "COVID-19 datastore". Pulling together information from government databases as well as information from health services, the project also makes use of highly personal data relating to individual patients according to documents seen by the Guardian.

See also:

• Coronavirus means Unicode 14.0 emoji are delayed by six months... so you can still submit ideas
• Apple and Google join forces to spy on Android and iPhone users for Coronavirus purposes
• Twitter's Jack Dorsey donates $1 billion to fund coronavirus research

The datastore is being created at the request of NHSX -- the digital transformation unit of the National Health Service -- with the aim of giving officials "real-time information about health services, showing where demand is rising and where critical equipment needs to be deployed".

The Guardian was able to access documents about the project via an unrestricted online portal -- something described to by sources as a "shocking data breach". While the openly accessible documents do not themselves contain confidential patient data, they are highly revealing of the sort of data that will be involved. A UK government source said that the amount of confidential health information involved in the project is "unprecedented".

The documents show that:

• While anonymised, confidential 111 [the NHS advice phoneline] information in the Covid-19 datastore may include people's gender, postcode, symptoms, the mechanism through which any prescription was dispatched to them, and the precise time they ended the call.
• The project appears to be using a "pseudo NHS number" to cross-match large datasets, including a master patient index, an existing NHS resource that uses "social marketing data" to segment the British population into different "types" at household level.
• While not a current priority, phone location data could be used in the datastore after it was "offered" to the government by two private companies for help with contact tracing. The NHS declined to say which companies had offered the location data or how it would be used.
• Faculty's proposed simulation of a policy described as "targeted herd immunity" was part of an NHSX and Faculty planning document considered around 23 March, more than a week after ministers insisted the controversial policy was no longer being contemplated.

In addition to the worry about the types of data involved, there are also concerns that the project is developing at "alarming speed" and that there is "insufficient regard for privacy, ethics or data protection".

An NHSX spokesperson said: "Strict data protection rules apply to everyone involved in helping in this critical task".

Image credit: Sirisak_baokaew / Shutterstock