Data dissemination - the Data Access Request Service team

Summary

Our Data Access Request Service (DARS) enables healthcare providers and researchers to apply for patient level data that is held centrally.

We deal with requests for data sets, linked data sets, tabulations, bespoke linkage and patient tracking. We can provide access to a wide range of products and services, giving clinicians, researchers and commissioners the data required to help improve NHS services. Visit our DARS pages to make a request.

The DARS team makes sure we only supply sensitive patient level data to organisations that look after it according to Information Governance (IG) requirements, and use it to improve health and care services.

The aim of DARS is to prevent the inappropriate release of data, while making the data dissemination process as efficient and timely as possible. Case studies are available that illustrate the benefits of the process. 

The process is split into application, approval, access, audit and deletion. Over the last three years, the process has been improved, resulting in a reduced average length of time to get applications approved while applications have increased by 35 per cent in 2018. Applicants often need significant support from the team to ensure that this is done legally, ethically and safely.

The Independent Group Advising on the Release of Data (IGARD) is an advisory body that oversees all new applications to DARS. They meet once a week and discuss approximately 5 to 10 applications. 

The vision for DARS is to make the data dissemination process as quick and efficient as possible while preventing the inappropriate release of data and maintaining public trust. The DARS team have worked with the Research Advisory Group to tailor their advice to particular user groups. For example, they have produced a guide to obtaining data for health research, with the Medical Research Council and NHS Health Research Authority, aimed at researchers. 

DARS sub-teams

The Personal Demographics Service (PDS) is the national database of patient demographic information in England, Wales and the Isle of Man, holding approximately 80 million records. Our Demographics team are part of the broader DARS team and provide support to the PDS and guidance on the use of the NHS Number. The National Back Office (NBO) sits alongside the demographics team and has the principal role of resolving data quality issues on the PDS. 

The Demographics team ensure a high-quality service that is relied upon throughout the NHS. Without this a significant clinical risk would exist, particularly for patients receiving services outside of their local area. Safeguards such as those around child protection, as well as systems for referrals between services and e-prescribing, rely fundamentally on the ability to accurately identify people across the system. This also supports the linkage of patient records for research. 

Application

Organisations and individuals wanting to use certain kinds of data need to show they meet strict data governance standards by completing our DARS application process.

Requests to DARS are submitted through the DARS online portal. All requests must cover:

  • the purpose of the request
  • the legal basis around whether the data can be shared
  • the security and governance around how the data will be stored and processed 
  • evidence of funding 
  • detailing any commercial enterprise that is involved.

Requests for DARS are evaluated against a transparent set of requirements. 

We have provided guidance to customers to use our application process or applicants can contact the DARS team or attend one of our regular webinars

We make charges to cover the costs of managing applications, processing data and providing access. View our latest charging guidelines.

Requests for access to data from analysts within our organisation do not need to go through DARS. Internal teams apply to the Information Asset Owner (IAO) responsible for each data set. Where data sets are produced, DARS will, where possible, load them into the Data Management Service, allowing external organisations to apply for access. 

Approval

Applications first need to be approved by the IAO in the relevant department. The IAO will then formerly present the application to the Independent Group Advising on the Release of Data (IGARD). This group consists of information specialists, doctors, lawyers, researchers, ethicists and lay members. 

Applications are assessed for purpose, whether consent is required and whether the correct legal basis is in place. In certain circumstances, it would be impractical to seek consent from patients to process their data in a specific way, although the benefits of doing so would be significant. This situation is recognised in law through section 251 of the National Health Service Act 2006 where the common law duty of confidentiality can be temporarily lifted if the benefits of doing so outweigh the risks of intrusion into privacy.

For example, when linking the paediatric and national diabetes audits to create the national diabetes transition audit, section 251 approval was obtained. Patient identifiable information was required to link patient records, and yet the time frame of 10 years and the large number of patients involved made seeking consent impractical.

All applications that are made under section 251 must also go through the Confidentiality Advisory Group (CAG) of the Health Research Authority.

Access

Once approval has been granted, a data sharing agreement must be signed between the applicant and NHS Digital, covering the legal responsibilities that recipients agree to abide by. Data from any patients that have opted out of sharing their data is removed. The data is then transferred to the applicant by secure file transfer or the Hospital Episode Statistics Data Interrogation System. It can take up to 60 days to process complex requests. A dashboard analysis of our performance in managing requests to DARS is in production and will be available soon.

Our Data Release Register is a record of all the data we have shared with other organisations. Published every quarter, it provides information on data released under Data Sharing Agreements. It covers activity for the preceding three months plus any amendments/additions to older releases.

Where applications are rejected, it’s usually because there was no legal basis to share the data requested.

Audit

Not all requests are audited, but DARS reserves the right to undertake an audit with respect to the use and storage of the data to ensure the terms of the Data Sharing Agreement are abided by. You can see our recent audits.

Our Director of Information Governance, Burden and Audit is charged with auditing the compliance of customers to their responsibilities with the data. 

Deletion

Following the expiry of a Data Sharing Agreement, data must be deleted safely in line with the guidelines outlined within the certificate of destruction. The certificate of destruction must then be sent to us to confirm this has taken place.