The Personal Demographics Service (PDS) is the national database of patient demographic information in England, Wales and the Isle of Man, holding approximately 80 million records. Our Demographics team are part of the broader DARS team and provide support to the PDS and guidance on the use of the NHS Number. The National Back Office (NBO) sits alongside the demographics team and has the principal role of resolving data quality issues on the PDS. 

The Demographics team ensure a high-quality service that is relied upon throughout the NHS. Without this a significant clinical risk would exist, particularly for patients receiving services outside of their local area. Safeguards such as those around child protection, as well as systems for referrals between services and e-prescribing, rely fundamentally on the ability to accurately identify people across the system. This also supports the linkage of patient records for research. 

Organisations and individuals wanting to use certain kinds of data need to show they meet strict data governance standards by completing our DARS application process.

Requests to DARS are submitted through the DARS online portal. All requests must cover:

• the purpose of the request
• the legal basis around whether the data can be shared
• the security and governance around how the data will be stored and processed 
• evidence of funding 
• detailing any commercial enterprise that is involved.

Requests for DARS are evaluated against a transparent set of requirements. 

We have provided guidance to customers to use our application process or applicants can contact the DARS team or attend one of our regular webinars. 

We make charges to cover the costs of managing applications, processing data and providing access. View our latest charging guidelines.

Requests for access to data from analysts within our organisation do not need to go through DARS. Internal teams apply to the Information Asset Owner (IAO) responsible for each data set. Where data sets are produced, DARS will, where possible, load them into the Data Management Service, allowing external organisations to apply for access. 

Applications first need to be approved by the IAO in the relevant department. The IAO will then formerly present the application to the Independent Group Advising on the Release of Data (IGARD). This group consists of information specialists, doctors, lawyers, researchers, ethicists and lay members. 

Applications are assessed for purpose, whether consent is required and whether the correct legal basis is in place. In certain circumstances, it would be impractical to seek consent from patients to process their data in a specific way, although the benefits of doing so would be significant. This situation is recognised in law through section 251 of the National Health Service Act 2006 where the common law duty of confidentiality can be temporarily lifted if the benefits of doing so outweigh the risks of intrusion into privacy.

For example, when linking the paediatric and national diabetes audits to create the national diabetes transition audit, section 251 approval was obtained. Patient identifiable information was required to link patient records, and yet the time frame of 10 years and the large number of patients involved made seeking consent impractical.

All applications that are made under section 251 must also go through the Confidentiality Advisory Group (CAG) of the Health Research Authority.

Once approval has been granted, a data sharing agreement must be signed between the applicant and NHS Digital, covering the legal responsibilities that recipients agree to abide by. Data from any patients that have opted out of sharing their data is removed. The data is then transferred to the applicant by secure file transfer or the Hospital Episode Statistics Data Interrogation System. It can take up to 60 days to process complex requests. A dashboard analysis of our performance in managing requests to DARS is in production and will be available soon.

Our Data Release Register is a record of all the data we have shared with other organisations. Published every quarter, it provides information on data released under Data Sharing Agreements. It covers activity for the preceding three months plus any amendments/additions to older releases.

Where applications are rejected, it’s usually because there was no legal basis to share the data requested.

Not all requests are audited, but DARS reserves the right to undertake an audit with respect to the use and storage of the data to ensure the terms of the Data Sharing Agreement are abided by. You can see our recent audits.

Our Director of Information Governance, Burden and Audit is charged with auditing the compliance of customers to their responsibilities with the data. 

Following the expiry of a Data Sharing Agreement, data must be deleted safely in line with the guidelines outlined within the certificate of destruction. The certificate of destruction must then be sent to us to confirm this has taken place.