Data access requests
Updated September 2023
Please note that our Data Access Request Form (DARF) has been updated. Applicants are required to use the new DARF only for new applications going forwards – there is no need to move partially completed / in progress forms onto the new template.
- New fields have been added to the following sections of the form to reflect new statutory requirements and IG guidance:
Section 4 – Project Details:
– Information on patient and public involvement
– Public benefit – applicants are now asked to explicitly state how the proposed project is carried out in the public benefit. A link to national guidance is provided.
Section 14 – Legal basis:
– Schedule 1, Part 1, DPA 2018 condition needs to be listed, where the applicant relies on Art.9 of GDPR for processing special categories of data,
– Common law duty of confidentiality – applicants need to provide some additional detail on how the duty is being met or legally set aside, if relevant to the application.
– National Data Opt-Out
- Additional wording has been inserted in some of the other Sections to clarify what is required from applicants.
- Our Terms and Conditions for use of HQIP data (incorporated in the DARF Application Form) have been tidied up and brought in line with the UK GDPR, as well as HQIP’s position on payment of DARG fees prior to DARG review of the application (Section 14).
Updates are under way for the other forms used in HQIP’s data access request process, such as the amendment/extension request form and applicants are strongly advised to always check back for the most recent version on the HQIP website at the point of starting their completion
We are responsible for the largest programme of national clinical audits in the UK. Our data access request service ensures that data from programmes we commission and host – including the data collected through our national clinical audit and patient outcome programme (NCAPOP) – is available for research, quality improvement, service evaluation and evidence-based decision making. Information about each of the projects we commission can found on the A-Z of NCA webpage and the Clinical Outcome Review Programmes webpage.
Many of our datasets are also listed on the Health Data Research Innovation Gateway, which includes searchable descriptive and technical information.
Support for your project
We strongly recommend that you visit our Understanding Health Data Access page before you design your project, especially if you have no or little experience of requesting access to health data. It includes resources to introduce the principles that data custodians work within to ensure that data is shared safely, legally, fairly and with public benefit. You will also find collated links to additional guidance and information across the research and data sharing community that you may find helpful.
We have produced a short video, with Health Data Research UK, to explain some key features of our data application process to help you plan your project, and direct your questions effectively.
In addition, in this recorded presentation, our Associate Director Yvonne Silove talks through our datasets and our data access process as well as highlighting top tips and common pitfalls in applying for data. Top tips for using linked health datasets in research are also available in a leaflet co-produced with the Health Foundation.
For more information about DARG meeting dates, please see ‘What happens to your application after submission?’ below.
- DARG members
Glenn Hearnden – Director of Operations – Corporate Services, HQIP
The Chair brings a broad range of organisational and business experience, having worked across many sectors including: the NHS, not for profit and commercial backgrounds. The Director of Corporate Services is responsible for ensuring the DARG and its members collectively review and approve or decline applications for data access according to the approval criteria.
Yvonne Silove – Associate Director for Quality and Development | National Clinical Audit and Patient Outcomes Programme, HQIP
Yvonne has been a member of HQIP’s Data Access Request Group for more than 10 years. She has also acted as HQIP’s senior sponsor to other controllers such as PHE, NHSE, Welsh government and Digital Health and Care Wales, DfE and ONS and represents HQIP on the Health Data Research Alliance Board. Yvonne provides support to the Confidentiality Advisory Group and worked with them on the development and implementation of the National Data Opt Out and its associated exemption request process. Yvonne led HQIP’s Understanding Health Data Access initiative, authored guidance on data access and the Duty of Confidentiality now adopted nationally, and contributed to Researcher Roadshows convened by NHS Digital and the NIHR to support researchers wishing to apply for access to national datasets.
Danny Keenan – Medical Director, HQIP
Danny works in the areas of clinical quality and measurement. He is Medical Director to the Healthcare Quality Improvement Partnership (HQIP), running the National Clinical Audit Programme, the Clinical Outcomes Review Programme. He has led interesting work refining metrics and feedback from national audit and working with colleagues to get the results out to the service to improve the care we offer to patients. He and colleagues used the audits to explore the effect of the Pandemic on different populations and hope to use what we learned to improve the service we offer to all our patients. Current work relates to refining the current Outliers policy and exploring how AI techniques can be used more widely in the National Clinical Audit Programme.
He chaired the Indicator Review Committee for the National Institute for Clinical Excellence (NICE) for 10 years reviewing indicators along the patient pathway, reviewing whether there were information streams and weighing up the possible benefit patients might feel from focused commissioning.
Chris Boulton – Deputy Director of Operations | National Joint Registry
Chris is the Deputy Director of Operations for the National Joint Registry (NJR), leading workstreams related to reporting of data, data quality, medical devices and research using registry data. He is a member of HQIP’s DARG and Information Governance Executive and is the governance lead for the NJR Executive. He has been working in clinical audit for twenty years and is an experienced leader of national clinical audits and registries. He previously managed the National Hip Fracture Database and the Falls and Fragility Fracture Audit Programme and led the orthopaedic audit team at Nottingham University Hospitals NHS Trust. He has a Master’s degree in Clinical Audit from Keele University.
Alyson Ottley – Research and Governance Programme Manager | National Joint Registry
Alyson trained as a registered nurse before studying a master’s in applied management (health) at Newcastle University in Australia. After working in several management roles in Australia and the UK, Alyson completed a master’s in medical law and Ethics at De Montfort University in Leicester. Alyson has worked in a variety of incident management and clinical governance roles including implementing a governance framework for an international healthcare provider in Sydney. She has been working as the Research and Governance Programme Manager for the National Joint Registry since August 2022.
Julia Trusler – Associate Director, Quality and Development | National Clinical Audit and Patient Outcomes Programme (NCAPOP), HQIP
Julia has a degree in Biological Natural Sciences from the University of Cambridge as well as a Masters in Medical Ethics and Law, and has spent her career in the health/biosciences non-profit sector. Prior to joining HQIP, she has held a variety of roles relating to research, policy, governance and data, and spent 14 years in senior management positions (including 2 years as Deputy CEO).
Desislava Staykovska – Information Governance Lead, HQIP
Desi brings a vast amount of expertise in data protection and information security compliance which is the result of working as a data protection specialist in the last 7 years, both in the healthcare and the wider charity sector. She is the Information Governance Lead at HQIP and ensures that the organisation itself, as well as any third-party organisations or individuals applying for access to data via DARG, are fully compliant with all legal and regulatory requirements.
Before joining HQIP, Desi has worked as a Privacy Officer at PPD (Pharmaceutical Product Development), which is part of Thermo Fisher Scientific and a world leader at clinical trials and clinical development. There she gained valuable insight into scientific discovery, assessing safety, efficacy and health care outcomes, as well as the development of new medicines and healthcare therapies.
Tom Bigg – Business Support Officer, HQIP
- Before you submit an application
Not all access to our data requires an application to be submitted. It may be that the data you need is available through our existing published data. Please read the following information to see if the data you require is available from another source before proceeding with your application.
HQIP’s Joint data controllers should contact the HQIP Data Sharing inbox before completing an application so that we can answer questions and provide the correct form.
We commission approximately 40 national clinical audits and clinical outcome review programmes which make up the National Clinical Audit and Patient Outcomes Programme (NCAPOP). We also commission some projects outside the NCAPOP in addition to hosting the National Joint Registry.
These projects collect data on the quality and outcomes of care provision in England and Wales. Some projects also collect data in Scotland, Northern Ireland, Isle of Man, Guernsey and Jersey, either under contract to HQIP or under separate arrangements.
Data from these projects is routinely reported and these reports are available on each project website, as well as on our website. The reported data is also placed, and can be accessed, on the data.gov.uk website.
Many of these projects link with third party data sets such as Hospital Episode Statistics (HES) and Office for National Statistics (ONS) data.
If you have determined that a data access application is still necessary, you should make contact with the relevant HQIP data provider (i.e. the HQIP commissioned or hosted project) before you submit an application. The HQIP data provider will need to advise if your data requirements can be met and will need to review and approve your application ahead of it being submitted to HQIP. You can find details of all of the data providers here.
If you wish to make a request for National Joint Registry data, please ensure you have read their approvals process.
- When we can release data
We can authorise the release of data for which we are the data controller, as defined in Data Protection Legislation. For most of the projects in the NCAPOP programme, we are a joint controller along with the programme funder.
Some data that we collect is not placed in the public domain. However, as the controller, we can share this data for the purpose of quality improvement, including research, service evaluation, and audit, if certain conditions are met and depending upon certain permissions that are in place for each project.
HQIP cannot usually give permission to share data for which we are not a data controller; this includes where a project has been linked to a dataset controlled by another organisation. It is important that prior to submitting an application for which you would like to access a linked dataset, you discuss this with the HQIP project provider and HQIP.
HQIP cannot approve, at this time, applications that involve transfer of personal data to an organisation outside the EEA (‘restricted transfer’). Please note that personal data includes both personally identifiable (patient level) data and de-identified (including pseudonymised) data which may indirectly identify an individual.
- Submitting an application
We recommend you get in touch with us at [email protected] before you submit your formal application. By discussing your data needs with us, we can offer guidance on how to make a strong application.
Once you’re ready to make a formal application, complete the data access request form. You can download the form at the bottom of this webpage. Applications are reviewed on a monthly basis.
We require you to complete all relevant sections of the request form in full and to have all relevant supporting information and signatures embedded into the document.
The application form has embedded terms and conditions and together they form the data sharing agreement (DSA). All applicants and the data provider are required to sign this document before we authorise the release of data to you.
- What happens to your application after submission?
We will confirm receipt of your request. We will undertake an initial review of each application within 3 weeks of submission.
After the initial review, we’ll refer your application to the HQIP Data Access Request Group (DARG), or if the application has not been satisfactorily completed, we’ll request clarification or further information from you.
We will allocate a reference number to your application. This reference number should be used in the subject field on all correspondence relating to the application.
DARG meets on a monthly basis. Applications which are complete, have addressed all clarifications and have paid the relevant DARG fee, will be discussed at the next available DARG meeting. We will confirm with you the meeting date once the application is ready for submission.
Each application is reviewed against the following criteria:
- Is the proposed use of the data clinically appropriate?
- Is the proposed use of the data methodologically sound?
- Does the application satisfy the requirements of the GDPR and Data Protection Act 2018?
- Are the necessary legal, ethical permissions and security arrangements in place?
We will inform applicants of the outcome within one week of the DARG meeting at which the submission was discussed.
Following approval, data will be released within a reasonable timeframe agreed with the data processor. This may vary depending upon the complexity of the data requested and the scope of the core audit activity being undertaken at that time. Please discuss any specific deadlines or timescales with the project before you submit your application to ensure you can get the data you need within your preferred timeframe.
If DARG do not approve the release of the data, you will be advised on steps required to improve the quality of your application. Once your application has been updated with requested clarification and returned to HQIP it will either be submitted for Chair’s action or be submitted for review at the next scheduled DARG.
Details of the meeting dates and outcome dates are available here.
- Costs of data access
HQIP has a long-standing commitment to enabling secondary use of NCAPOP data for healthcare surveillance, improvement and research. Our mechanism to do this is our Data Access Request Group. The administration and delivery of the group has no source of external funding and runs on a cost recovery basis.
Since the pandemic, alongside other data custodians, we have seen a significant reduction in application numbers. As a result, it is currently very difficult to cover DARG costs. The reasons for this are likely to be multifactorial and this makes it difficult to predict if/when we will return to previous application levels.
Rather than scale back DARG activity (ie limit the number of applications we review), we are therefore taking the difficult decision to suspend discretionary fee waivers until further notice.
We recognise the impact this will have on individual unfunded applications, but this is currently necessary in order to safeguard the ongoing DARG service.
We will continue to explore any opportunities for supplementary funding, but none are available to us at present.
Our charges can be found below and are payable before an initial DARG review can take place.
Our payment schedule means how much you pay is determined by the amount of time, effort and approvals required. We review our pricing structure on an annual basis.
How charges are calculated
You will need to identify what type of application you are submitting:
- Applications to the National Joint Registry (NJR) – (please get in touch with the NJR as their own cost recovery fees may apply).
Definitions for all applications are included in the application form.
Fee structure 2022/23
The fees listed are in pounds (£) sterling and are exclusive of VAT, which shall be paid in addition at the appropriate rate, where applicable. Fees will be agreed before the process starts.
||Complex data project/new approaches
|5. National Joint Registry
||Contact NJR’s Research and Governance Manager
We also authorise individual NCAPOP projects who advise, support and release the data to recoup reasonable costs. These costs may vary depending upon the specific request. To find out more, please contact the individual national clinical audit or clinical outcome review programme in the first instance using the contact details listed on our website.
More information about the payment process is included in the application form. Please note that this fee is non-refundable.
- Outputs or reports
We are committed to ensuring that, where possible, all data, outputs and publications are made publicly available for the wider benefit of the public and the NHS.
Applicants for data, especially for the purposes of research, are expected to publish any findings or outputs resulting from their analysis of NCAPOP data. Applicants should reference that the data used was collected by HQIP. The acknowledgement should take this form:
Data has been provided by the Healthcare Quality Improvement Partnership from the xxx Programme
Data from the National Joint Registry (NJR) should use the NJR acknowledgement guidance.
- Special requests
If you wish to access a small amount of anonymous and aggregate information that has not yet been published by the HQIP project, please contact HQIP or the HQIP project directly. These requests may not require the completion of a Data Access Request Form, in which case they will be processed as Information Sharing Requests instead.
- Reproducing HQIP copyright material
If you do not wish to access data but wish to reproduce tables, text or other information that is included in an NCAPOP project report or output under HQIP copyright, please contact us directly at [email protected]
- Extensions and Amendments requests
Please note that existing Data Sharing agreements are not automatically renewed. They are valid for 12 months following HQIP’s date of signature, unless in exceptional circumstances where HQIP has granted a longer period. If the data is required beyond the expiry date within your approved Data Sharing Agreement you would need to request an extension by filling in the Extension/Amendment DARF template (which can be downloaded below) prior to the expiry date in order to further hold and process the data. HQIP would advise you to start preparing your Extension application at least 3 months before expiry of the original Data Sharing Agreement.
If a change is required to an existing DARF, for instance, where a new team member is added to the project, the outputs dates have changed, a minor change has occurred to the data flows, or an additional data field is required which is not included in the original application (provided the objectives and purpose of the data processing remain the same), you can request the amendment by filling in our Extension/Amendment DARF template by following the instructions in the form.
Please note that Extension/Amendment requests are subject to the same process followed when a new DARF is received (i.e. pre-DARG checks, possible clarifications requests, payment of relevant DARG fees and submission to our monthly DARG meetings for review and approval). The approval process may therefore be time consuming and requiring additional resource, which is why HQIP would recommend that you start working on your renewal/amendment request in good time.
Please use our Extension/Amendment DARF template which can be downloaded below.
For more information on application fees, please see the Costs of Data Access section.
- Glossary of terms
A controller is either a person or an organisation who determines the purposes and the manner in which any personal data are, or are to be, processed.
There can be more than one controller for a data set. Joint controllers occur when two or more persons or organisations act together to decide the purpose and manner of any data processing.
We commission and manage national audits and outcome reviews as joint data controllers with NHS England and Digital Health and Care Wales, or where healthcare organisations in Devolved Nations or Crown Dependencies (Scotland, Northern Ireland, Isle of Man, Jersey and Guernsey) may participate in some of our projects.
A processor is any individual or organisation (other than an employee of the controller) who processes the data on behalf, and at the behest, of the controller. The audit and outcome review providers we commission are processors on behalf of HQIP.