Data Access Request Service
Data Access Request Service
Welcome to the HSCIC Data Access Request Service (DARS).
The process for requesting access to data has changed. We have set up an improved process for customers to access our wide range of health and social care information, products, and services [117kb].
The Data Access Request process
The DARS process has three stages - Application, Approval, and Access.
The first stage is to complete an application. The application process is the most important stage since it sets out the nature of the requested data and the purpose for which it is being requested.
In order for an application to be assessed appropriately, it is very important that the following details are provided in full:
- Administration details (e.g. organisation, lead contact name, contact details).
- The purpose for which the data are being requested. This must clearly demonstrate that the request is being made to support the provision of health and social care and the promotion of health. Data cannot be released for solely commercial purposes.
- Evidence of the associated approvals required for the data requested (e.g. patient consent).
- Details of the security arrangements [184kb] your organisation has in place (e.g. IS0 27001, NHS Information Governance (IG) Toolkit score, DPA registration).
- Details of the data that are being requested (e.g. Hospital Episode Statistics (HES), Mental Health Minimum Data Set (MHMDS)).
- The amount of data being requested (e.g. a single year's data, monthly extracts over three years).
You may also be required to complete a data form [215kb], depending on the type of data you require.
The HSCIC will publish all completed applications on this webpage.
The HSCIC is a public organisation that operates on a cost-recovery basis. View the charges [54kb] made for providing access to data and linking data.
The approval stage verifies that there is an appropriate legal basis for accessing the requested data and that safeguards are in place to ensure that you will store and handle data safely and securely.
All applications, other than for aggregate data, are evaluated by the Data Access Advisory Group (DAAG). DAAG will then make a recommendation to the HSCIC Senior Information Risk Officer (SIRO), who has responsibility for approving the release of the data.
The SIRO will consider the recommendation from DAAG and will write to you to tell you if your application has been approved.
The HSCIC will check the evidence that you provide, which may include:
- consent of the individuals concerned, e.g. the consent form and consent information literature;
- approval under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (also known as 'Section 251 support');
- the appropriate statutory regulation covering your organisation for the work required;
- Approved Researcher status from the Office for National Statistics (ONS).
After you have signed the Data Sharing Contract [220kb] and Data Sharing Agreement [155kb] we will prepare your data for you. Guidance on the Data Sharing Framework Contract [189kb] and Data Sharing Agreement [132kb] is also available, as are some Data Sharing Framework Contract FAQs [287kb]
There are currently two ways in which data can be accessed:
- Data are released to you using a Secure File Transfer Mechanism.
- You may access Hospital Episode Statistics (HES) data using the HES Data Interrogation System.
The HSCIC has launched a programme to look at other ways in which data can be securely accessed. Further information on this programme will be provided on this webpage.
Data Access Request Service Dashboard
The Data Access Request Service (DARS) provides customers with a single point of access for all new data applications. To provide greater visibility of the type and volume of requests that we process, we have created an information dashboard.
The dashboard shows the number of data requests we are managing and the proportion of these that are in the Application, Approval and Access stages as well as allowing you to see how the volume of requests changes over time.
The dashboard is updated regularly
HSCIC Data Access Policy
The HSCIC Data Access Policy is supported by the following principles:
- share information to support the provision of health and social care and the promotion of health; not for solely commercial purposes;
- inform the public when we share data with external organisations, including law enforcement agencies;
- publish benefits achieved through the sharing of data;
- include patients and public representatives in our governance and advisory bodies;
- include sanctions for the misuse of data and other breaches of data sharing contracts;
- audit data recipients to ensure adherence to the terms of their contracts and agreements;
- ensure that any data are deleted at the end of the Data Sharing Agreement under which it was released;
- provide a clear, simple, efficient, and transparent service for access to data delivered to publicly-stated service levels;
- harness the latest technologies as a means to providing safe and secure access to data;
- listen to feedback from customers, patients, and the public and involve them in the continuous improvement of our service.
Other useful information
We are working to new service levels for processing applications and providing access to data from 1 February 2015.
There are three different agreements in place from 14 days for 'Standard' applications, 30 days for 'Medium' and 60 days for 'Complex' applications.
Please see the list below for typical examples:
- 'Standard' - an extension to an existing agreement which allows you to hold data for longer
- 'Medium' - a tabulation of data with small numbers suppressed
- 'Complex' - a request for identifiable data across a series of datasets
When an application for data is sent to us, the team carry out an initial review, in particular looking at the following key areas:
- The purpose for wanting the data
- The legal basis under which you can access the data
- Assurance of the security of your data handling and storage systems
- Technical feasibility - are we able to provide what is being asked for?
An application is rejected where more information is needed in any of these areas. The application would then need to be resubmitted with the additional information needed.
Once the application passes this initial check, it is accepted and the Service Level Agreements (SLA) then take effect. We only pause the elapsed time when we require further detail from you - such as a more explicit articulation of the purpose - or when you require approvals from an external body (such as Approved Researcher status from ONS)
For the latest figures please see http://www.hscic.gov.uk/dars-dashboard
We carry out data sharing audits to check that our customers are meeting the obligations in their Data Sharing Contracts and Data Sharing Agreements.
Deletion of data
All data must be deleted at the expiry of the Data Sharing Agreements. A certificate of deletion [16kb] must be completed and returned to the HSCIC when the data have been deleted.
Help and advice
For help about any of our services or to discuss your requirements, please contact the HSCIC contact centre on 0300 303 5678 or via email: firstname.lastname@example.org
- Data Access Request Service Dashboard
- Data Access Advisory Group (DAAG)
- Registers of approved data releases
- Improvements for breast cancer surgery patients
- Confidentiality Advisory Group (CAG)
- Section 251
- DARS - Products [117kb]
- DARS - Service charges [54kb]
- DARS - Forms [215kb]
- HSCIC Stakeholder Meeting - 21 July 2014: Summary notes [85kb]
- Data Destruction form [16kb]
- Update on Data Release Activity - 15 July 2014 [89kb]
- Process for Handling Requests - A guide [155kb]
- DARS - Guidance Notes on Security [184kb]
- Data Sharing Framework Contract [220kb]
- Data Sharing Framework Contract FAQs [287kb]
- Data Sharing Framework Contract Guidance [189kb]
- Data Sharing Agreement [155kb]
- Data Sharing Agreement Guidance [132kb]
- Data Dissemination Approvals Policy [291kb]