DARS: how to make an application

DARS Online customers should use this guidance when completing an application for data.

Further advice on completing an application is available from NHS Digital on tel: 0300 303 5678 or by emailing [email protected].

Please quote DARS application in the subject field of your email when submitting an enquiry. If you're referring to an existing or previous application then please also quote your existing reference number (for example DARS-NIC-999999-AAAAA).

Before applying for data, your organisation must have a valid Data Sharing Framework Contract (DSFC). If you are unsure whether your organisation has a current contract, please contact us on the above phone number or email address

Be transparent

Write your application so that it is easily understood and covers all the uses of the data. Be specific, clear, and unambiguous. Ensure that your application is consistent - for example, if you highlight that University X is part of a research collaboration, ensure that University X is listed as a data processor or controller (or explain why not). Equally if your purpose is commercial, make sure you are clear about all your products and services, and be clear as to your customer base.

Be precise

If a purpose is not listed, it is not permitted, so please make sure you cover all specific uses. Equally if others are using your product, or accessing the outputs of your work, make clear exactly what nature of data they are accessing (such as record level, aggregate). Remember that your application may be published, so ensure it's written so that it can be easily understood - explain acronyms and assume that the application will be read in isolation from other documents.

Ensure you have a legal basis

A legal basis must be in place to allow NHS Digital to receive, process, and disseminate the data. It is your responsibility to ensure that the legal basis is in place, so if you require external approvals please ensure you have these before submitting an application. NHS Digital is happy to discuss these in advance of an application, and welcomes early sight of consent materials before starting research so that feedback can be taken into account before recruitment of a cohort starts.

Learn from others

NHS Digital publishes a data uses register which includes approved purposes for previous data releases. Check against that register to see what information others have provided, and where appropriate use similar wording. Check you have all relevant documentation.

Elements of your application may require supporting documentation. For example, if you are using section 251 of the NHS Act 2006 (s251) as a legal basis for identifiable data, you will need to ensure that you have the latest approval letter and application. If you are using patient consent as the legal basis, you will need to provide all relevant consent forms and information leaflets. If this evidence is not provided when submitting your application, it may not be accepted.

Justify any identifiable or sensitive data

Please check that you have justified any identifiable or sensitive data requested, and that you have sought to minimise the amount of data required. Your purpose should explain why you need the data (objective), and how you will turn the data (processing) into the products (outputs) that generate benefits to the health and social care system.

A DARS application is made through our DARS Online system. In general, the application process will require information on:

• the start and end date of the Data Sharing Agreement 
• any cohorts that you send to us to match to NHS Digital datasets. 
• the datasets that you wish to access, including details of:
  • date range 
  • data fields
  • the legal basis for access to the data
  • users accessing this data (where relevant)
  • any further data minimisation (for example, restricted to a particular set of diagnosis codes)
• the reason for requesting the data, including the benefits to health and social care in England and Wales - see below for more detail on this PURPOSE section
• how your research study is funded
• the data controller of the data you are requesting
• organisations who will process the data and the location where this processing will happen
• the location of where the data will be stored, or shared 
• any further evidence to support your application (for example, copies of consent letters)
• how long you intend to retain the data 

Ensuring that there is a legal basis for NHS Digital to provide the data is essential.

If the data you wish to receive is pseudonymised, anonymised or anonymous (and no identifiable data is flowing to enable that release), then the legal basis is typically the Health and Social Care Act 2012.

If however you wish to receive identifiable data, or identifiable data has flowed to enable the release of data (for example you may have provided a cohort) then the legal basis is typically s251 or consent.

If ONS registry data is required (mortality data for example) then you may need s251 approval for the data flow, or have patient consent, or have secured approved research status with ONS (approved researcher). Approved researcher status, determines that the researcher is 'fit and proper' and the research project is suitable; an application is required, and assessment should take 3 weeks. More detail can be found on the ONS website.

If you're relying on consent from research participants to access data from NHS Digital, NHS Digital requires such consent to be explicit and the information contained within the information sheets must be aligned with the consent forms.

If providing NHS Digital with a cohort of patients, within the processing section of your application you should indicate whether recruitment to the cohort has started/finished, and the target or actual sample size. Further details on how to meet the Duty of Confidentiality, including consent and s251 support, are available through the Data sharing standard 7b – Duty of Confidentiality. Please also review the pre-application checklist data items section for guidance on which identifiers NHS Digital can use to link your cohort members to their health records, in order to inform creation of your patient information materials/ s251 application.”

This is a complex area, and NHS Digital encourages you to contact [email protected] prior to recruiting a cohort.

In rare circumstances there may be an alternative legal basis that applies. If you think this is the case with your request, please just select "other" and provide full details of the legal basis.

You may only use any data provided solely for the purposes explicitly stated within this section. It needs to be long enough to be clear about the specific purposes, but please avoid the temptation to include lots of background that does not add to the justification.

Please be aware that we expect to publish the information in this section, along with the decision to approve or not, in a similar way to the way we have published registers of data releases.

Since we look for this section to be clear and specific, avoid vague terminology such as: "uses will include"; "may"; "can"; "might"; "expected to include". Please:

• be specific 
• use "only" - such as "this data will only be used to produce..."
• where appropriate, state what the data will not be used for - such as: not used for commercial purposes, not provided in record level form to any third party, not used for direct marketing
• write assuming it will be in the public domain 
• be specific about size of any customer base, and if you have both NHS and commercial sector customers, ensure that you state the relative split between those customer segments

This section must make clear:

• what the specific purpose is
• who will be using the data (organisations rather than individual names)
• what will happen to the data (the outputs)
• whether the outputs are in record level form
• the benefits to the health and social care system, and when they will be achieved
• whether the application is in any way commercial (and if so, how) - note that applications (with the exception of anonymised tabulations) which are for solely commercial purposes and do not demonstrate benefit to the health and social care system will not be approved

Key questions to ask are:

Does it clearly explain the purpose of the project/programme/request/research?

Does it provide background to the request? For example, is it a long-standing research trial or a government backed programme established in X year?

Does it list the type of organisations involved (such as CCGs, local authorities)?

Does it make clear whether the outputs from NHS Digital will feed into a bigger programme?

Does it tell us how the data requested from NHS Digital will enhance the work?

If any elements of the work are taking place outside the UK, does it describe them here?

Key questions to ask are:

Are all data flows detailed (such as what organisation will transfer data to what other organisations)?

Is the level of data involved in each data flow clarified (meaning - identifiable, pseudonymised, aggregated)?

Note: If any pseudonymous data or data being described by the applicant as 'anonymous' will be shared with third parties, the fields to be shared should be clarified.

Is it clear (in cross-check with section 3) what legal basis relates to what data flows? For complex applications, note that it is worth including a data flow diagram, and matching on the diagram the legal basis against each data flow.

Has a legal basis been evidenced for all data flows?

If data will be accessed outside the UK, are the details, including how data will be transferred, explained?

If anyone who is not a direct employee of the organisation requesting data (such as users working on honorary contracts, charity staff helping with analysis) will be accessing data, are details given?

Does it explain what will be done with the data NHS Digital supplies? for example, will there be trend analysis? Will the data be linked or compared (matched) with other data sets (if so, at what level and what will be used to link them)? Will there be benchmarking against peer groups?

If sensitive data, national data or data over a long period is requested, does it justify why that data is needed? Is that justification proportionate to the risk of releasing this data?

Is there a clear and logical link between the above and the specific outputs mentioned?

Are any organisation names or locations mentioned in this section consistent (a) throughout this section, (b) with the dataflow diagram, (c) with the names/addresses used elsewhere in this form including sections 1 and 7.

Useful phrases (where applicable): "No data will be linked to record patient level data."

Key questions to ask are:

Does it describe clear outputs (reports, submissions to peer-reviewed journals, presentations, dashboards for example)?

If peer-reviewed journals or presentations are mentioned, does it state the journals/events in which these will feature?

Is it clear what level of data will be present in the outputs? If the output is a dashboard or tool, is it clear how small numbers will be suppressed?

Is it clear who the outputs are for and who can access them?

Is it clear whether outputs will be available for free or if users will be charged for access?

Are target dates given for each output?

Is the data to be used across multiple projects, are outputs/delivery milestones and target dates given for each?

If this is a renewal/extension for a project that has had data previously, does it describe any outputs already produced?

Useful phrases (where applicable):

1. "Outputs will contain only aggregate level data with small numbers suppressed in line with HES analysis guide."
2. "Data will not be used for sales and marketing purposes." (if applying organisation is commercial company).

Be realistic, as non-achievement may affect any extension/renewals.

Link the benefits directly to the Health and Social Care sector.

Remember that any benefits already completely achieved cannot be considered as justification for future data sharing.

Remember that any benefits which are on-going as part of a current data sharing arrangement which may be lost if the data sharing ceases, are relevant.

If this is an extension/renewal/amendment, the achievement (or otherwise) of previously stated benefits may be taken into consideration.

Be clear about what the benefits are, and when they will be achieved, for each customer group/product.

If it's a renewal/extension, remember to state the benefits already achieved.

Case studies are helpful for NHS Digital in promoting the benefits of data dissemination, so please include these as additional documents if available.

Does this section describe benefits in terms of what action, change or decision happens as a result of the outputs?

Are there logical links between the outputs described and the stated benefits? Is it obvious which outputs contribute to which benefit?

Do the benefits convey the magnitude of the impact? For example, how many patients suffer from a particular condition? How much money is spent treating a certain disease?

Is it clear who will achieve the benefits? For example, will the project team achieve the benefits, or will their outputs be given to a third party (such as policy/decision-makers) who will use them to achieve the benefits?

For PhD/research projects, typically delivering dissertations and/or peer reviewed journal publications, see IGARD guidance.