1. Luke Taylor

2. Rio de Janeiro

US immigration agents are using an app developed by Palantir that draws on the health records of millions of Americans to find and detain illegal immigrants.

The revelation comes as the US’s Immigration and Customs Enforcement (ICE) comes under increased scrutiny after the shooting of Alex Pretti, a 37 year old intensive care nurse, by ICE agents in Minneapolis over the weekend.

It has now emerged that data from the Department of Health and Human Services (HHS) is being fed—along with other commercial and public datasets—into an analytics app developed by Palantir, according to an investigation by news outlet 404 Media.1

Testimony from an ICE official and internal documents obtained by 404 show the app, Enhanced Leads Identification and Targeting for Enforcement (Elite), maps areas to help agents decide where to conduct detention raids.

The tool was reportedly used in recent operations, including a raid in Oregon in October in which 30 people were arrested.

According to the 404 investigation, Elite pulls names, addresses, and photos from health records. It reportedly works like Google Maps, showing ICE agents which areas have higher densities of people who could be detained. It also generates dossiers on individuals, including their name, photo, and “confidence scores” that they are at home.

An HHS spokesperson contacted by The BMJ did not clarify what information was given to ICE but said the information sharing was permitted under national law.

“Several federal laws authorise the Centers for Medicare and Medicaid Services (CMS) to make certain information available to the Department of Homeland Security (DHS),” the spokesperson said. “Under the Immigration and Nationality Act, ‘any information in any records kept by any department or agency of the government as to the identity and location of aliens in the US shall be made available to’ immigration authorities.”

There is no data sharing agreement between CMS and DHS on “US citizens and lawful permanent residents,” they added.

In July 2025, it was revealed that a data sharing agreement between the US health department and ICE would see the personal data of 79 million Americans receiving Medicaid assistance handed over to the deportation agency.

This includes names, addresses, birth dates, and ethnic and racial information.2

Palantir, an American tech giant best known for its work with US defence and intelligence agencies, also works in the UK where it won a £330 million contract to develop data platforms that integrate information held across separate NHS trusts.

Doctors and patient advocacy and rights groups, as well as the BMA, have questioned if it is ethical for a US defence technology firm to handle sensitive health data and if the deal could undermine patient trust.3

Contacted by The BMJ, a Palantir spokesperson said it “cannot comment on specific data sources used by our customers in their confidential environments. However, Palantir expects data sharing among government agencies to be conducted in accordance with lawful authorities and compliant with applicable data sharing agreements.”

Indiscriminate and a violation of rights

Rights groups say the use of location based targeting is indiscriminate and violates due process, while some US states have challenged the move in court, leading to a temporary suspension of information sharing.4

John Howard, a specialist in healthcare data privacy at the University of Arizona, said that although the interagency sharing of data from health records is legal and likely covered under the Privacy Act rather than the Health Insurance Portability and Accountability Act, it could damage people’s trust in healthcare.

“If a population does not trust a health system to protect it and its information there could be a loss in trust of that system,” he told The BMJ.

This, he pointed out, was one of the purposes behind the Health Insurance Portability and Accountability Act, signed into law in 1996 to protect patient data. The act places limits on the disclosure of health information but does not cover all data held by health agencies and does not apply equally across all government departments.

Still, the act was put in place “to build trust in the US health system so people will seek care when they need it,” Howard said. “Eroding this trust can cause public health problems if we have sick or injured people that forgo seeking care.”

He urged the US Congress to act. “If circumstances arise where a law is applied in a manner that is counter to the public policy purpose intended by Congress, it is the responsibility of our lawmakers to step in and provide direction and corrections needed to account for the change,” he said. “If our leaders are not willing to do this an erosion in the trust of our entire legal system could result. I do not think this is something anyone wants.”

Dave Maass, director of investigations at the non-profit organisation Electronic Frontier Foundation, said, “In the wake of the Watergate and COINTELPRO scandals of the 1970s, US Congress enacted laws to protect private information from government misuse. Data grabs like the DHS’s reported use of healthcare data for immigration enforcement are exactly why.”

“Government agencies necessarily collect information to provide essential services, but when governments begin pooling data and using it for purposes unrelated to why it was originally collected, it provides them with enormous power that can be abused. The misuse of healthcare data is particularly insidious,” Maass told The BMJ.

“This information is not only extremely sensitive, but its misuse for law enforcement purposes could also deter people from seeking essential medical care—with grave individual and collective consequences.”

**Do you have any additional information on this story? **

Contact newsdesk@bmj.com