Palantir Technologies UK, Ltd.

Palantir Integrated Health and Care Record Infrastructure

Palantir's enterprise data management platform drives effective population health management by integrating disparate data sets across and within regions. Our solution provides secure integration and exchange of patient data from multiple systems, and presents individuals' linked data as a longitudinal record for the delivery of personalised care.


  • Interfacing between disparate care provider systems across any geographical range
  • Integration and harmonisation of structured and unstructured data sets
  • Consistent, 360-degree patient record view aggregating all individual care data
  • Scalability to meet any volume of users or data
  • Accelerated development and deployment of machine learning and artificial intelligence
  • Entity resolution for accurately linked, deduplicated, and normalised patient records
  • Discovery of objects and records from all integrated sources
  • Granular access control lists with flexibility to meet area policies
  • Flexible visualisation framework to enable search, analysis, and alerting workflows
  • Fully extensible and interoperable with any legacy care systems


  • Accurate, comprehensive patient records accessible by any authorised professional
  • Improved clinical decision making using instantly available patient information
  • Lower unwarranted variation rates in clinical decisions and patient outcomes
  • Improved coordination of care through cohort and pathway management
  • Better communication of health events at local and national scale
  • Secure record views for providers within and outside the exchange
  • Secure digital collaboration across care organisations and services
  • Reduced manual processing by automated data ingestion and streamlined cleansing
  • Auditable record access logs to support security and accountability
  • Open architecture supporting interoperability and access to external data systems


£66000 per unit

  • Free trial available

Service documents


G-Cloud 11

Service ID

8 0 2 7 3 2 9 5 9 2 6 9 5 5 1


Palantir Technologies UK, Ltd.

Palantir Technologies UK, Ltd.

+44 203 856 8404

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints N/A
System requirements Dedicated Linux server infrastructure, running CentOS 7

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Varies upon the severity of the issue, but generally a 24/7/365 response is available.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Standard support is included in our Solution-Based Licence Costs. Our standard form Service Level Agreements (SLAs) can be provided on request.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started As commercial software, Palantir Platforms are intuitive platforms that can be used by technical and non-technical users alike. To help users learn to use the platforms, Palantir can design training plans and training materials based on our proven training curriculum. Curriculums include options for e-learning, instructional videos, and in-application help and support. At a high level, we can provide:

*In-person, instructor-led training: Palantir can hold specific training sessions at the customer locations tailored according to the user profile, specific contract requirements, and the project stage.
*Internet webinars: Webinars are available on a variety of topics, based on ongoing assessments of end user needs. Webinars allow flexibility scheduling, varying user adoption rates and location.
*Self-guided learning: Palantir also provides for self-paced training through our web-based video training application that includes features such as videos and documentation. We have successfully used our web-based video training method at many engagements with diverse user bases.

Additional information available on request.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Should an agency wish to extract their data when a contract ends, Palantir can export all existing data in the Palantir Platform into raw formats. Palantir Platforms have been purposefully designed to prevent vendor lock-in. As such, they have an open, pluggable architecture with publicly documented APIs at every tier of the software. All data in both platforms can be securely exported in non-proprietary formats for use in other databases or systems. We work with customers to determine the best export format(s) for customer datasets and their destination systems.
End-of-contract process If a customer decides not to continue with an engagement or at the end of a term licence, Palantir will return or destroy any customers confidential information per Palantir policy, regulatory, and contractual requirements. Data in the Palantir managed cloud is sanitised through destruction of the master encryption key and destruction of the virtual machines. Destruction of the key is irrevocable and would only occur in the event of deployment termination. This service is included in the price of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Service is accessible on Android and iOS mobile devices, although full functionality will not be available, as not all features will be supported. Further information available on request.
Service interface Yes
Description of service interface The Palantir user interface provides users with a single entry point to search, visualise and analyse information from disparate sources. The Palantir user interface connects to an underlying data foundation. The tools and applications provided as part of the Palantir user interface therefore act as different windows using the same data.
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
What users can and can't do using the API Palantir provides open, extensible Java APIs that can be configured to connect to any third-party system, tool, or database. We can configure plugins for data imports (e.g., to allow data from a third-party system to load directly into Palantir) and for data exports (e.g., to allow data and analysis from Palantir to load directly into a third-party system). These plugins are generic and non-proprietary. It is also possible to provide JSON-encoded RESTful APIs to Palantir's back-end, for integration with custom or third-party applications.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Palantir offers a modular system where additional functionality can be provided by the use of optional services. Additional services can be installed depending on user need - these can be configured by an administrator. Additionally, if the customer wishes, they can develop their own applications and services to be installed on the platform.


Independence of resources Palantir uses DNS routing, gateways and elastic load balancing to ensure availability. Dedicated accounts and virtual resources are used on a per customer basis.


Service usage metrics Yes
Metrics types Hundreds of metrics can be provided, some common examples are: average session length; drop-off rate; number of logins per user; number of accounts; and search speed.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All data stored in Palantir Platforms is stored in open format, giving an agency complete control over its data and enabling interoperability with other systems. Palantir’s open, publicly documented APIs can be configured to import or export to any system that exposes open APIs. There are no limitations on the data that can be exported from Palantir (subject to access controls), and administrators can export data from Palantir in a variety of formats, including but not limited to HTML, Microsoft Office (PPT, DOC, XLS) and ArcGIS (SHP). Data exports can also include the metadata regarding the data's source material references.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • ODF
  • Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Level of availability varies depending on the specific project. Our standard form Service Level Agreements (SLAs) can be provided on request.
Approach to resilience Information is available on request.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Role-based access control means that only users with appropriate authority can access these features.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Palantir’s Security Team is headed by Palantir's Chief Information Security Officer (CISO), who is responsible for implementing a robust and effective information security program and assessing Palantir’s risk and control environment. For some specific UK Government requirements, Palantir adheres to the Cabinet Office Security Policy Framework and its derivatives.
Information security policies and processes Palantir is a ListX company. As a List X Company, for some specific UK Government requirements, Palantir adheres to the Cabinet Office Security Policy Framework and its derivatives. Additional information available on request.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Palantir’s Change Management Policy sets standards for upgrading capabilities, responding to threats, adhering to laws/regulations, and complying with contract obligations; while limiting impact and ensuring adequate messaging. All changes to systems must be submitted as a “Change Request”. The relevant teams review the Request, prioritise, and develop a plan for implementation. Authorised Palantir Officials approve changes in accordance with Palantir policies and procedures, and notify customers of any major changes. Once the work is completed, the "Change Request" ticket is updated/closed. Development, Test, and Production environments are all separated to help ensure a separation of duties for systems and personnel.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Palantir’s InfoSec Team operates an industry-standard vulnerability management process. This includes vulnerability scanning, deployment reporting, third-party penetration testing, and monitoring of external sources for vulnerabilities. Palantir maintains full-time Application Security and Computer Incident Response Teams. The AppSec Team monitors software for security weaknesses. The CIR team is responsible for threat modelling and conducting threat intelligence. Palantir contracts third-parties to perform vulnerability and penetration testing at least annually. Findings are prioritised based on criticality, severity, and impact and tracked through tickets. Patches and configuration changes are pushed to Palantir Deployment Teams who push these updates to customer solutions using agreed procedures.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Palantir implements a broad spectrum of technical and operational controls that provide protection and detection of cyber-attacks, malicious intrusions, and malware. Endpoints are deployed with host-based intrusion detection systems and all network traffic is processed through network-based intrusion detection systems. Anomaly detection occurs through detection, alerting, and enrichment strategies implemented by threat intelligence engineers. Alerts are escalated to our Computer Incident Response Team, which provide 24/7 response capabilities across all Palantir assets. The Palantir Information Security Team provides incident detection and response capabilities across the entirety of Palantir's network.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Palantir has an incident management process for events that may affect the security, availability, or confidentiality of Palantir systems. This process specifies courses of action, procedures for notification, escalation, mitigation and documentation. The policy is available to all employees. To help ensure timely resolution of incidents, the incident response team is available 24/7 to employees and customers. When an infosec incident occurs, staff respond by logging and prioritising the incident according to severity. Events that directly impact customers receive the highest priority. An individual/team is dedicated to remediating the problem, enlisting the help of product/subject experts as appropriate.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Other
Other public sector networks MoDNet


Price £66000 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial Based on customer requirements. Further information available on request.

Service documents

Return to top ↑