Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, whether the Federated Data Platform’s architectural governance model includes constraints on cross-domain identity federation between (a) NHS instances and (b) other public sector deployments of (i) Foundry and (ii) Gotham.

Each local organisation operates its own instance of the NHS Federated Data Platform (FDP), for which it is the data controller. These instances are designed to support local autonomy and governance, allowing organisations to opt into core products that enhance patient care delivery.

The architectural governance model of the FDP does not include provisions for cross-domain identity federation between National Health Service instances and other public sector deployments of Foundry or Gotham. Instead, the platform enables local organisations to connect and share information currently stored in separate systems, but only where there is a legal basis to do so. This ensures that data sharing is conducted within a safe and secure environment, respecting organisational boundaries and data protection obligations.

Further technical and governance details are outlined in the information governance framework for the FDP, which confirms that all data remains within United Kingdom sovereign zones and that access is restricted to authorised personnel. The information governance framework for the FDP is available at the following link:

https://www.england.nhs.uk/long-read/federated-data-platform-information-governance-framework/