Application review by IGARD is required for access to all NHS Digital data, with the exception of aggregated data where the procedure for small numbers has been applied, in line with our Terms of Reference.
What we consider when reviewing an application
We consider why an applicant wants to access the data (the purpose) and we assess the benefits of disclosure against any potential risks, within the legal and regulatory framework.
Where patient consent is involved, we look at the consent materials the applicant has in place and confirm whether the consent is appropriate or not.
Where identifiable data is requested and patient consent is not in place, we consider whether the applicant has the correct approval from the Health Research Authority Confidentiality Advisory Group (HRA CAG) or an alternative legal basis for disclosure.
Requests for data should be proportional to the purpose in terms of the data form and amount of data requested. Requests must also demonstrate compliance with the provisions of The Care Act 2014 in terms of demonstrating health and care benefit and non-commercial use.
Applicants must ensure their DPA registration reflects their role as data controllers or data processors and covers the purposes for which they require the data, and that a suitable privacy notice is in place where applicable.
Data flow diagrams can be extremely helpful in helping NHS Digital understand how applicants intend to use the data, which organisations are involved and what each organisation does.
How to apply for IGARD review
All applications are made via NHS Digital's Data Access Request Service (DARS). Find out more about DARS, the data and services available and how to make an application.