Data Access Request Service
Data Access Request Service
Welcome to the HSCIC Data Access Request Service (DARS).
The process for requesting access to data has changed. We have set up an improved process for customers to access our wide range of health and social care information, products, and services [117kb].
The Data Access Request process
The DARS process has three stages - Application, Approval, and Access.
The first stage is to complete an application. The application process is the most important stage since it sets out the nature of the requested data and the purpose for which it is being requested.
In order for an application to be assessed appropriately, it is very important that the following details are provided in full:
- Administration details (e.g. organisation, lead contact name, contact details).
- The purpose for which the data are being requested. This must clearly demonstrate that the request is being made to support the provision of health and social care and the promotion of health. Data cannot be released for solely commercial purposes.
- Evidence of the associated approvals required for the data requested (e.g. patient consent).
- Details of the security arrangements [183kb] your organisation has in place (e.g. IS0 27001, NHS Information Governance (IG) Toolkit score, DPA registration).
- Details of the data that are being requested (e.g. Hospital Episode Statistics (HES), Mental Health Minimum Data Set (MHMDS)).
- The amount of data being requested (e.g. a single year's data, monthly extracts over three years).
You may also be required to complete a data form [215kb], depending on the type of data you require.
The HSCIC will publish all completed applications on this webpage.
The HSCIC is a public organisation that operates on a cost-recovery basis. View the charges [54kb] made for providing access to data and linking data.
The approval stage verifies that there is an appropriate legal basis for accessing the requested data and that safeguards are in place to ensure that you will store and handle data safely and securely.
All applications, other than for aggregate data, are evaluated by the Data Access Advisory Group (DAAG). DAAG will then make a recommendation to the HSCIC Senior Information Risk Officer (SIRO), who has responsibility for approving the release of the data.
The SIRO will consider the recommendation from DAAG and will write to you to tell you if your application has been approved.
The HSCIC will check the evidence that you provide, which may include:
- consent of the individuals concerned, e.g. the consent form and consent information literature;
- approval under Regulation 5 of the Health Service (Control of Patient Information) Regulations 2002 (also known as 'Section 251 support');
- the appropriate statutory regulation covering your organisation for the work required;
- Approved Researcher status from the Office for National Statistics (ONS).
After you have signed the Data Sharing Contract [204kb] and Data Sharing Agreement [154kb] we will prepare your data for you. Guidance on the Data Sharing Framework Contract [189kb] and Data Sharing Agreement [132kb] is also available.
There are currently two ways in which data can be accessed:
- Data are released to you using a Secure File Transfer Mechanism.
- You may access Hospital Episode Statistics (HES) data using the HES Data Interrogation System.
The HSCIC has launched a programme to look at other ways in which data can be securely accessed. Further information on this programme will be provided on this webpage.
Data Access Request Service Dashboard
The Data Access Request Service (DARS) provides customers with a single point of access for all new data applications. To provide greater visibility of the type and volume of requests that we process, we have created an information dashboard.
The dashboard shows the number of data requests we are managing and the proportion of these that are in the Application, Approval and Access stages as well as allowing you to see how the volume of requests changes over time.
The dashboard is updated regularly
HSCIC Data Access Policy
The HSCIC Data Access Policy is supported by the following principles:
- share information to support the provision of health and social care and the promotion of health; not for solely commercial purposes;
- inform the public when we share data with external organisations, including law enforcement agencies;
- publish benefits achieved through the sharing of data;
- include patients and public representatives in our governance and advisory bodies;
- include sanctions for the misuse of data and other breaches of data sharing contracts;
- audit data recipients to ensure adherence to the terms of their contracts and agreements;
- ensure that any data are deleted at the end of the Data Sharing Agreement under which it was released;
- provide a clear, simple, efficient, and transparent service for access to data delivered to publicly-stated service levels;
- harness the latest technologies as a means to providing safe and secure access to data;
- listen to feedback from customers, patients, and the public and involve them in the continuous improvement of our service.
Other useful information
We are committed to significantly reducing the time it takes to process an application and provide access to data. By November 2014, we aim to achieve the Service Levels detailed below:
- Respond to all new applications within four working days. If further information is required from you, we will let you know. As soon as you provide the additional information to us, we will notify you within four days of the next steps. Please note that incomplete information in your application may result in a delay
- If your request is simple, for example, you wish to extend the period in which you can access the data by a number of months, we will look to approve this request within five days. If your request is not approved we will also respond within five days
- Applications which require review by DAAG will be processed within fifteen days. If your application is not recommended for approval, we will also notify you within fifteen days
- For more complicated applications, approval is likely to take longer (timescales will vary dependant on external bodies, who cannot be held to HSCIC SLAs). Such cases should be the exception and we will notify you if this is the case. For these more complicated applications, we will work to an Service Level that the applications should spend no longer than thirty days at HSCIC, plus any extra time needed to fit the schedules of external bodies.
- Once approval has been granted and the data sharing agreement has been signed by both parties, the release of the data will take a maximum of fourteen days, depending on the amount of processing required. We will notify you when approval is given and the timescales for providing access to the data.
Under these Service Levels, simple requests should be processed by the HSCIC within fourteen working days, and the most complex requests within 60 working days (plus any additional time spent with external bodies).
We will publish our performance against these SLAs on a regular basis.
The HSCIC has developed an audit function and will soon launch a programme of audits. These audits will check that our customers are adhering to the obligations documented in the Data Sharing Contract and Data Sharing Agreements.
Deletion of data
All data must be deleted at the expiry of the Data Sharing Agreements. A certificate of deletion [16kb] must be completed and returned to the HSCIC when the data have been deleted.
Help and advice
For help about any of our services or to discuss your requirements, please contact the HSCIC contact centre on 0845 300 6016 or via email: firstname.lastname@example.org
- Data Access Request Service Dashboard
- Data Access Advisory Group (DAAG)
- Registers of approved data releases
- Improvements for breast cancer surgery patients
- Confidentiality Advisory Group (CAG)
- Section 251
- DARS - Products [117kb]
- DARS - Service charges [54kb]
- DARS - Forms [215kb]
- HSCIC Stakeholder Meeting - 21 July 2014: Summary notes [85kb]
- Data Destruction form [16kb]
- Update on Data Release Activity - 15 July 2014 [89kb]
- Process for Handling Requests - A guide [155kb]
- DARS - Guidance Notes on Security [183kb]
- Data Sharing Framework Contract [204kb]
- Data Sharing Framework Contract Guidance [189kb]
- Data Sharing Agreement [154kb]
- Data Sharing Agreement Guidance [132kb]
- Data Dissemination Approvals Policy [276kb]