Palantir Technologies UK, Ltd.

Palantir Data Platform for Health and Care Systems Analytics

Palantir's enterprise data management platform enables integrated care systems to analyse patient data to become more effective and efficient in the delivery of population health management services. Our solution provides data processing and analytical tools to support data-driven organisational planning, strategy, and assessment of care quality and outcomes.


  • Integration of financial data from care providers across any geography
  • Contextual analysis using data on the wider determinants of health
  • Unified provider view aggregating multiple demand and performance data sources
  • Flexible visualisation framework to enable search, analysis, and alerting workflows
  • Accelerated development and deployment of machine learning and artificial intelligence
  • Point-and-click and code-based applications for data cleansing by all users
  • Time-series analysis showing historic trends on utilisation and spend
  • Propagation of access controls from data source to analytical results
  • Tooling to support health research workflows using anonymised data
  • Fully extensible and interoperable with any legacy systems


  • High-quality provider data asset for comparing and evaluating care services
  • Closer monitoring of patient experience, allowing targeted improvements
  • Deeper understanding of spending across shared budgets
  • Refinement of budget and care plans using clear analytical insights
  • Capturing impact of decisions to continuously improve future planning
  • Secure, wide-ranging data access for research and clinical trials
  • Secure digital collaboration between data analysts, planners and consumers
  • Dashboards tailored for leadership to support financial decision-making
  • Fast and reliable verification of analytical results
  • Secure presentation and analysis of anonymised patient information


£66000 per unit

  • Free trial available

Service documents

G-Cloud 11


Palantir Technologies UK, Ltd.

Palantir Technologies UK, Ltd.

+44 203 856 8404

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints N/A
System requirements Dedicated Linux server infrastructure, running CentOS 7

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Varies upon the severity of the issue, but generally a 24/7/365 response is available.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Standard support is included in our Solution-Based Licence Costs. Our standard form Service Level Agreements (SLAs) can be provided on request.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started As commercial software, Palantir Platforms are intuitive platforms that can be used by technical and non-technical users alike. To help users learn to use the platforms, Palantir can design training plans and training materials based on our proven training curriculum. Curriculums include options for e-learning, instructional videos, and in-application help and support. At a high level, we can provide:

*In-person, instructor-led training: Palantir can hold specific training sessions at the customer locations tailored according to the user profile, specific contract requirements, and the project stage.
*Internet webinars: Webinars are available on a variety of topics, based on ongoing assessments of end user needs. Webinars allow flexibility scheduling, varying user adoption rates and location.
*Self-guided learning: Palantir also provides for self-paced training through our web-based video training application that includes features such as videos and documentation. We have successfully used our web-based video training method at many engagements with diverse user bases.

Additional information available on request.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Should an agency wish to extract their data when a contract ends, Palantir can export all existing data in the Palantir Platform into raw formats. Palantir Platforms have been purposefully designed to prevent vendor lock-in. As such, they have an open, pluggable architecture with publicly documented APIs at every tier of the software. All data in both platforms can be securely exported in non-proprietary formats for use in other databases or systems. We work with customers to determine the best export format(s) for customer datasets and their destination systems.
End-of-contract process F a customer decides not to continue with an engagement or at the end of a term licence, Palantir will return or destroy any customers confidential information per Palantir policy, regulatory, and contractual requirements. Data in the Palantir managed cloud is sanitised through destruction of the master encryption key and destruction of the virtual machines. Destruction of the key is irrevocable and would only occur in the event of deployment termination. This service is included in the price of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Service is accessible on Android and iOS mobile devices, although full functionality will not be available, as not all features will be supported. Further information available on request.
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
What users can and can't do using the API Palantir provides open, extensible Java APIs that can be configured to connect to any third-party system, tool, or database. We can configure plugins for data imports (e.g., to allow data from a third-party system to load directly into Palantir) and for data exports (e.g., to allow data and analysis from Palantir to load directly into a third-party system). These plugins are generic and non-proprietary. It is also possible to provide JSON-encoded RESTful APIs to Palantir's back-end, for integration with custom or third-party applications.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Palantir offers a modular system where additional functionality can be provided by the use of optional services. Additional services can be installed depending on user need - these can be configured by an administrator. Additionally, if the customer wishes, they can develop their own applications and services to be installed on the platform.


Independence of resources Palantir uses DNS routing, gateways and elastic load balancing to ensure availability. Dedicated accounts and virtual resources are used on a per customer basis.


Service usage metrics Yes
Metrics types Hundreds of metrics can be provided, some common examples are: average session length; drop-off rate; number of logins per user; number of accounts; and search speed.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All data stored in Palantir Platforms is stored in open format, giving an agency complete control over its data and enabling interoperability with other systems. Palantir’s open, publicly documented APIs can be configured to import or export to any system that exposes open APIs. There are no limitations on the data that can be exported from Palantir (subject to access controls), and administrators can export data from Palantir in a variety of formats, including but not limited to HTML, Microsoft Office (PPT, DOC, XLS) and ArcGIS (SHP). Data exports can also include the metadata regarding the data's source material references.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • ODF
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Level of availability varies depending on the specific project. Our standard form Service Level Agreements (SLAs) can be provided on request.
Approach to resilience Information is available on request.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Role-based access control means that only users with appropriate authority can access these features.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Palantir’s Security Team is headed by Palantir's Chief Information Security Officer (CISO), who is responsible for implementing a robust and effective information security program and assessing Palantir’s risk and control environment. For some specific UK Government requirements, Palantir adheres to the Cabinet Office Security Policy Framework and its derivatives.
Information security policies and processes Palantir is a ListX company. As a List X Company, for some specific UK Government requirements, Palantir adheres to the Cabinet Office Security Policy Framework and its derivatives. Additional information available on request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Palantir’s Change Management Policy sets standards for upgrading capabilities, responding to threats, adhering to laws/regulations, and complying with contract obligations; while limiting impact and ensuring adequate messaging. All changes to systems must be submitted as a “Change Request”. The relevant teams review the Request, prioritise, and develop a plan for implementation. Authorised Palantir Officials approve changes in accordance with Palantir policies and procedures, and notify customers of any major changes. Once the work is completed, the "Change Request" ticket is updated/closed. Development, Test, and Production environments are all separated to help ensure a separation of duties for systems and personnel.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Palantir’s InfoSec Team operates an industry-standard vulnerability management process. This includes vulnerability scanning, deployment reporting, third-party penetration testing, and monitoring of external sources for vulnerabilities. Palantir maintains full-time Application Security and Computer Incident Response Teams. The AppSec Team monitors software for security weaknesses. The CIR team is responsible for threat modelling and conducting threat intelligence. Palantir contracts third-parties to perform vulnerability and penetration testing at least annually. Findings are prioritised based on criticality, severity, and impact and tracked through tickets. Patches and configuration changes are pushed to Palantir Deployment Teams who push these updates to customer solutions using agreed procedures.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Palantir implements a broad spectrum of technical and operational controls that provide protection and detection of cyber-attacks, malicious intrusions, and malware. Endpoints are deployed with host-based intrusion detection systems and all network traffic is processed through network-based intrusion detection systems. Anomaly detection occurs through detection, alerting, and enrichment strategies implemented by threat intelligence engineers. Alerts are escalated to our Computer Incident Response Team, which provide 24/7 response capabilities across all Palantir assets. The Palantir Information Security Team provides incident detection and response capabilities across the entirety of Palantir's network.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Palantir has an incident management process for events that may affect the security, availability, or confidentiality of Palantir systems. This process specifies courses of action, procedures for notification, escalation, mitigation and documentation. The policy is available to all employees. To help ensure timely resolution of incidents, the incident response team is available 24/7 to employees and customers. When an infosec incident occurs, staff respond by logging and prioritising the incident according to severity. Events that directly impact customers receive the highest priority. An individual/team is dedicated to remediating the problem, enlisting the help of product/subject experts as appropriate.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other
Other public sector networks MoDNet


Price £66000 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial Based on customer requirements. Further information available on request.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑