Data access requests
30 MARCH 202o: Please note that given the current Coronavirus situation new and existing applications and subsequent data releases may be delayed. In addition we are prioritising urgent COVID–19 requests. Thank you for your patience and understanding.
We are responsible for the largest programme of clinical audit in the UK. Our data access request service ensures that data from programmes we commission and host – including the data collected through our national clinical audit and patient outcome programme (NCAPOP) – is available for research, quality improvement, service evaluation and evidence-based decision making.
Support for your project
We strongly recommend that you visit our Understanding Health Data Access page before you design your project, especially if you have no or little experience of requesting access to health data. It includes resources to introduce the principles that data custodians work within to ensure that data is shared safely, legally, fairly and with public benefit. You will also find collated links to additional guidance and information across the research and data sharing community that you may find helpful.
In addition, in this recorded presentation, our Associate Director Yvonne Silove talks through our datasets and our data access process as well as highlighting top tips and common pitfalls in applying for data.
- Before you submit an application
Not all enquiries progress to the application stage. It may be that the data you need is available through our existing published data. Please read the following information to see if the data you require is available from another source before proceeding with your application.
We commission approximately 40 national clinical audits and clinical outcome review programmes which make up the National Clinical Audit and Patient Outcomes Programme (NCAPOP). We also commission some projects outside the NCAPOP and we host the National Joint Registry.
These projects collect data on the quality and outcomes of care in England and Wales. Some projects also collect data in Scotland, Northern Ireland, Isle of Man, Guernsey and Jersey, either under contract to HQIP or separately.
Data from these projects is routinely reported and these reports are available on each project website, as well as on our website. The reported data is also placed on the data.gov.uk website.
Many of these projects link with third party data sets such as Hospital Episode Statistics (HES) and Office for National Statistics (ONS) data which are managed by NHS Digital.
If you have determined that a data access application is still necessary, you should make contact with the relevant HQIP data provider (i.e. the HQIP commissioned or hosted project) before you submit an application. The HQIP data provider will need to advise if your data requirements can be met and will need to review and approve your application ahead of it being submitted to HQIP. You can find details of data providers here.
If you wish to make a request for National Joint Registry data, please ensure you have read their approvals process.
- When we can release data
We can authorise the release of data for which we are the controller. For most of the projects in the NCAPOP programme, we are a joint controller along with the programme funder.
Some data that we collect is not placed in the public domain. However, as the controller, we can share this data for the purpose of quality improvement, including research, service evaluation, and audit, if certain conditions are met and depending upon permissions in place for each project.
HQIP cannot usually give permission to share data for which we are not a controller; this includes where a project has been linked to a dataset controlled by another organisation, such as NHS Digital. It is important that where you would like to access a linked dataset, you discuss this with the HQIP project and HQIP before you submit an application.
HQIP cannot approve at this time applications that involve transfer of personal data to an organisation outside the EEA (‘restricted transfer’). Please note that personal data includes both personally identifiable (patient level) data and de-identified (including pseudonymised) data which may indirectly identify an individual.
The current uncertainty created by the UK withdrawal from the EU (with regards to data protection and international transfers) has led to HQIP’s decision not to approve data applications that involve such international transfers. Until this decision is revisited, HQIP would recommend that international organisations partner with a UK institution to ensure that the data processing remains within the UK.
- Submitting an application
We recommend you get in touch with us at [email protected] before you submit your formal application. By discussing your data needs with us, we can offer guidance on how to make a strong application.
Once you’re ready to make a formal application, complete the data access request form. You can download the form at the bottom of this webpage. Applications are reviewed on a monthly basis.
We require you to complete all relevant sections of the request form in full and to have all relevant supporting information and signatures embedded into the document.
The application form has embedded terms and conditions and together they form the data sharing agreement (DSA). All applicants and the data provider are required to sign this document before we authorise the release of data to you.
- What happens to your application after submission?
We will confirm receipt of your request. We will undertake an initial review of each application within 3 weeks of submission.
After the initial review, we’ll refer your application to the HQIP Data Access Request Group (DARG) or, if the application has not been satisfactorily completed, we’ll request clarification or further information from you.
Once we have accepted your application after the initial review, the application is subject to our service levels.
We will allocate a reference number to your application. This reference number should be used within the subject field on all correspondence relating to the application.
DARG meets on a monthly basis. Applications which are complete and have addressed all applicable clarifications will be discussed at the next available DARG meeting. We will confirm with you the meeting date once the application is ready for submission.
Each application is reviewed against the following criteria:
- Is the proposed use of the data clinically appropriate?
- Is the proposed use of the data methodologically sound?
- Does the application satisfy the requirements of the GDPR and Data Protection Act 2018?
- Are the necessary legal and ethical permissions and security arrangements in place?
We will inform applicants of the outcome of a DARG meeting within one week of the meeting.
Following approval, data will be released within a reasonable timeframe agreed with the data processor. This may vary depending upon the complexity of the date requested and the scope of the core audit activity being undertaken at that time. We expect data to be released in a number of weeks. Please discuss any deadlines or timescales with the project before you submit your application to ensure you can get the data you need within your preferred timeframe.
If DARG do not approve the release of the data, you will be advised on steps required to improve the quality of your application. This advice will be provided on the listed outcome date. Once your application has been updated with requested clarification and returned to HQIP it will either be submitted for chairs action or be submitted for review at the forthcoming DARG.
Details of the meeting dates, invoice payment deadlines, and outcome dates are available here.
- Costs of data access
We will request payment from you to cover the cost of administering and processing your request.
Our payment schedule means how much you pay is determined by the amount of time, effort and approvals required. We review our pricing structure on an annual basis.
How charges are calculated
You will need to identify what type of application you are submitting:
In addition, some applications might be eligible for discounted or waived fees, including:
- Applications to the National Joint Registry (NJR) – (please get in touch with the NJR as their own cost recovery fees may apply).
- NHS England / Getting It Right First Time applications.
- Unfunded applications.
Definitions for all applications are included in the application form.
Fee structure 2019/20
The fees listed are in pounds (£) sterling and are exclusive of VAT, which shall be paid in addition at the appropriate rate, where applicable. Fees will be agreed before the process starts.
We also authorise individual NCAPOP projects who advise, support and release the data to recoup reasonable costs. These costs may vary depending upon the specific request. To find out more, please contact the individual national clinical audit or clinical outcome review programme in the first instance using the contact details listed on our website.
More information about the payment process is included in the application form.
- Outputs or reports
We are committed to ensuring that, where possible, all data, outputs and publications are made publically available for the benefit of the public and the NHS.
Applicants for data, especially for the purposes of research, are expected to publish any findings or outputs resulting from their analysis of NCAPOP data. Applicants should reference that the data used was collected by HQIP. The acknowledgement should take this form:
Data has been provided by the Healthcare Quality Improvement Partnership from the xxx Programme
Data from the National Joint Registry (NJR) should use the NJR acknowledgement guidance.
To be transparent, we will publish a public register of approved data sharing applications. We will include within this register the lay title and lay summary of your project that you will have provided within your data sharing application form.
- Special requests
If you wish to access a small amount of anonymous and aggregate information that has not yet been published by the HQIP project please contact HQIP or the HQIP project directly. These requests may not require the completion of a Data Access Request Form.
- Reproducing HQIP copyright material
If you do not wish to access data but wish to reproduce tables, text or other information that is included in an NCAPOP project report or output under HQIP copyright, please contact us directly at [email protected].
- Extensions and Amendments requests
Please note that existing Data Sharing agreements are not automatically renewed. They are only valid for 12 months following HQIP’s date of signature, unless HQIP has granted a longer period in exceptional circumstances. If the data is required beyond the expiry date within your approved Data Sharing Agreement you would need to request an extension by filling in our Extension/Amendment DARF template (which can be downloaded below) prior to this date in order to further hold the data. HQIP would advise you to start preparing your Extension application at least 3 months before expiry of the original Data Sharing Agreement.
If a change is required to an existing DARF, for instance, where a new team member is added to the project, the outputs dates have changed, a minor change has occurred to the data flows, or an additional data field is required which is not included in the original application (provided the objectives and purpose of the data processing remain the same), you can request the amendment by filling in our Extension/Amendment DARF template by following the instructions in the form.
Please note that Extension/Amendment requests are subject to the same process followed when a new DARF is received (i.e. pre-DARG checks, possible clarifications requests and submission to our monthly DARG meetings for review and approval). The approval process may therefore be time consuming and requiring additional resource, which is why HQIP would recommend that you start working on your renewal/amendment request in good time.
Please use our Extension/Amendment DARF template which can be downloaded below.
For more information on application fees, please see the Costs of Data Access section.
- Glossary of terms
A controller is either a person or an organisation who determines the purposes and the manner in which any personal data are, or are to be, processed.
There can be more than one controller for a data set. Joint controllers occur when two or more persons or organisations act together to decide the purpose and manner of any data processing.
We commission and manage national audits and outcome reviews on behalf of NHS England, the Welsh Government, and sometimes healthcare organisations in Scotland, Northern Ireland, Isle of Man, Jersey and Guernsey. As such, we are joint controller with these organisations.
A processor is any individual or organisation (other than an employee of the controller) who processes the data on behalf, and at the behest, of the controller. The audit and outcome review providers we commission are processors on behalf of HQIP.