Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, pursuant to the Answer of 17 November 2025 to Question 88027, to introduce safeguards to govern access to identifiable patient data by non-NHS personnel within the Federated Data Platform.

Safeguards are already in place governing access to identifiable patient data and non-National Health Service personnel within the NHS Federated Data Platform (NHS FDP).

The NHS has strict policies in place for managing access to patient data and carries out regular audits to ensure compliance, including monitoring the work of engineers helping to set up the central data collection platform (NDIT) that will track NHS performance and help improve care for patients. Anyone requiring administrative access to NDIT must have government security clearance and be approved by a member of NHS England staff at director level or above.

All staff are trained and fully aware of their responsibilities when accessing and using data to only use the minimum required for their purpose.

External suppliers are processors on contracts with relevant security and data protection clauses contained within the agreements. Internal security and data protection processes are in place within NHS England, contracts of employment and other organisational policies provide further safeguards against data misuse.