Data Access Requests – Information for Applicants

For an overview of our Data access request processes, please head to our dedicated webpage.

The following information is aimed at prospective data applicants. The subsections below will provide you with further detail relating to preparing and submitting an application.

If you are considering submitting a data access request application to our DARG, we recommend that you visit our Understanding Health Data Access page before you design your project, especially if you are new to requesting access to health data. It includes resources to introduce the principles that data custodians work within to ensure that data is shared safely, legally, fairly and with public benefit. You will also find collated links to additional guidance and information across the research and data sharing community that you may find helpful.

We have produced a short video, with Health Data Research UK, to explain some key features of our data application process. A number of our datasets are listed on the Health Data Research Innovation Gateway, which includes searchable descriptive and technical information, however we always advise checking with the relevant NCAPOP team to see if there are recent dataset changes.

In addition, in this recorded presentation, our Associate Director, Yvonne Silove, talks through our datasets and our data access process as well as highlighting top tips and common pitfalls in applying for data. Top tips for using linked health datasets in research are also available in a leaflet co-produced with the Health Foundation.


Before you submit an application

Not all access to our data requires an application to be submitted. It may be that the data you need is available through our existing published data. Please read the following information to see if the data you require is available from another source before proceeding with your application.

HQIP’s Joint data controllers should contact the HQIP Data Sharing inbox before completing an application so that we can answer questions and provide the correct form.

We commission approximately 40 national clinical audits and clinical outcome review programmes which make up the National Clinical Audit and Patient Outcomes Programme (NCAPOP). We also commission some projects outside the NCAPOP in addition to hosting the National Joint Registry.

These projects collect data on the quality and outcomes of care provision in England and Wales. Some projects also collect data in Scotland, Northern Ireland, Isle of Man, Guernsey and Jersey, either under contract to HQIP or under separate arrangements.

Data from these projects is routinely reported and these reports are available on each project website, as well as on our website. The reported data is also placed, and can be accessed, on the website.

Many of these projects link with third party data sets such as Hospital Episode Statistics (HES) and Office for National Statistics (ONS) data.

If you have determined that a data access application is still necessary, you should make contact with the relevant HQIP data provider (i.e. the HQIP commissioned or hosted project) before you submit an application. The HQIP data provider will need to advise if your data requirements can be met and will need to review and approve your application ahead of it being submitted to HQIP.  You can find details of all of the data providers here.

If you wish to make a request for National Joint Registry data, please ensure you have read their approvals process.

When we can release data

We can authorise the release of data for which we are the data controller, as defined in Data Protection Legislation. For most of the projects in the NCAPOP programme, we are a joint controller along with the programme funder.

Some data that we collect is not placed in the public domain. However, as the controller, we can share this data for the purpose of quality improvement, including research, service evaluation, and audit, if certain conditions are met and depending upon certain permissions that are in place for each project.

HQIP cannot usually give permission to share data for which we are not a data controller; this includes where a project has been linked to a dataset controlled by another organisation.  It is important that prior to submitting an application for which you would like to access a linked dataset, you discuss this with the HQIP project provider and HQIP.

HQIP cannot approve, at this time, applications that involve transfer of personal data to an organisation outside the EEA (‘restricted transfer’). Please note that personal data includes both personally identifiable (patient level) data and de-identified (including pseudonymised) data which may indirectly identify an individual.

Submitting an application

We recommend you get in touch with us at [email protected] before you submit your formal application. By discussing your data needs with us, we can offer guidance on how to make a strong application.

Once you’re ready to make a formal application, complete the data access request form. You can download the form at the bottom of this webpage. Applications are reviewed on a monthly basis.

We require you to complete all relevant sections of the request form in full and to have all relevant supporting information and signatures embedded into the document.

The application form has embedded terms and conditions and together they form the data sharing agreement (DSA). All applicants and the data provider are required to sign this document before we authorise the release of data to you.

What happens to your application after submission?

We will confirm receipt of your request. We will undertake an initial review of each application within 3 weeks of submission.

After the initial review, we’ll refer your application to the HQIP Data Access Request Group (DARG), or if the application has not been satisfactorily completed, we’ll request clarification or further information from you.

We will allocate a reference number to your application. This reference number should be used in the subject field on all correspondence relating to the application.

DARG meets on a monthly basis. Applications which are complete, have addressed all clarifications and have paid the relevant DARG fee, will be discussed at the next available DARG meeting; usually this is within one to two months after submission. We will confirm with you the meeting date once the application is ready for submission.

Each application is reviewed against the following criteria:

  • Is the proposed use of the data clinically appropriate?
  • Is the proposed use of the data methodologically sound?
  • Does the application satisfy the requirements of the GDPR and Data Protection Act 2018?
  • Are the necessary legal, ethical permissions and security arrangements in place?

We will inform applicants of the outcome within one week of the DARG meeting at which the submission was discussed.

Following approval, data will be released within a reasonable timeframe agreed with the data processor. This may vary depending upon the complexity of the data requested and the scope of the core audit activity being undertaken at that time. Please discuss any specific deadlines or timescales with the project before you submit your application to ensure you can get the data you need within your preferred timeframe.

If DARG do not approve the release of the data, you will be advised on steps required to improve the quality of your application. Once your application has been updated with requested clarification and returned to HQIP it will either be submitted for Chair’s action or be submitted for review at the next scheduled DARG.

Please be advised that if an applicant has not responded to a HQIP DARG clarification request or a pending query / action(s), in relation to their application within a 6 months period, HQIP will consider the application closed. No further action with their application will take place, unless contacted again.

Details of the 2024 meeting and outcome dates are available here.

Costs of data access

HQIP has a long-standing commitment to enabling secondary use of NCAPOP data for healthcare surveillance, improvement and research. Our mechanism to do this is our Data Access Request Group. The administration and delivery of the group has no source of external funding and runs on a cost recovery basis.

Since the pandemic, alongside other data custodians, we have seen a significant reduction in application numbers. As a result, it is currently very difficult to cover DARG costs. The reasons for this are likely to be multifactorial and this makes it difficult to predict if/when we will return to previous application levels.

Rather than scale back DARG activity (ie limit the number of applications we review), we are therefore taking the difficult decision to suspend discretionary fee waivers until further notice.

We recognise the impact this will have on individual unfunded applications, but this is currently necessary in order to safeguard the ongoing DARG service.

We will continue to explore any opportunities for supplementary funding, but none are available to us at present.

Our charges can be found below and are payable before an initial DARG review can take place.

Our payment schedule means how much you pay is determined by the amount of time, effort and approvals required. We review our pricing structure on an annual basis.

How charges are calculated

You will need to identify what type of application you are submitting:

  1. Basic
  2. Standard
  3. Complex
  4. Change
  5. Applications to the National Joint Registry (NJR) – (please get in touch with the NJR as their own cost recovery fees may apply).

Definitions for all applications are included in the application form.

Current fee structure 

The fees listed are in pounds (£) sterling and are exclusive of VAT, which shall be paid in addition at the appropriate rate, where applicable. Fees will be agreed before the process starts.

Fee Type Fee detail Fee charge
1. Basic Anonymous data £1,000
2. Standard De-personalised

Personally identifiable



3. Complex Complex data project/new approaches £2,000
4. Change Amendment

Annual renewal



5. National Joint Registry Contact NJR’s Research and Governance Manager TBC

We also authorise individual NCAPOP projects who advise, support and release the data to recoup reasonable costs. These costs may vary depending upon the specific request. To find out more, please contact the individual national clinical audit or clinical outcome review programme in the first instance using the contact details listed on our website.

More information about the payment process is included in the application form. Please note that this fee is non-refundable.

Outputs or reports

We are committed to ensuring that, where possible, all data, outputs and publications are made publicly available for the wider benefit of the public and the NHS.

Applicants for data, especially for the purposes of research, are expected to publish any findings or outputs resulting from their analysis of NCAPOP data. Applicants should reference that the data used was collected by HQIP. The acknowledgement should take this form:

Data has been provided by the Healthcare Quality Improvement Partnership from the xxx Programme

Data from the National Joint Registry (NJR) should use the NJR acknowledgement guidance.

Special requests

If you wish to access a small amount of anonymous and aggregate information that has not yet been published by the HQIP project, please contact HQIP or the HQIP project directly. These requests may not require the completion of a Data Access Request Form, in which case they will be processed as Information Sharing Requests instead.

Reproducing HQIP copyright material

If you do not wish to access data but wish to reproduce tables, text or other information that is included in an NCAPOP project report or output under HQIP copyright, please contact us directly at [email protected]

Extensions and Amendments requests


Please note that existing Data Sharing agreements are not automatically renewed. They are valid for 12 months following HQIP’s date of signature, unless in exceptional circumstances where HQIP has granted a longer period. If the data is required beyond the expiry date within your approved Data Sharing Agreement you would need to request an extension by filling in the Extension/Amendment DARF template (which can be downloaded below) prior to the expiry date in order to further hold and process the data. HQIP would advise you to start preparing your Extension application at least 3 months before expiry of the original Data Sharing Agreement.


If a change is required to an existing DARF, for instance, where a new team member is added to the project, the outputs dates have changed, a minor change has occurred to the data flows, or an additional data field is required which is not included in the original application (provided the objectives and purpose of the data processing remain the same), you can request the amendment by filling in our Extension/Amendment DARF template by following the instructions in the form.

Please note that Extension/Amendment requests are subject to the same process followed when a new DARF is received (i.e. pre-DARG checks, possible clarifications requests, payment of relevant DARG fees and submission to our monthly DARG meetings for review and approval). The approval process may therefore be time consuming and requiring additional resource, which is why HQIP would recommend that you start working on your renewal/amendment request in good time.

Please use our Extension/Amendment DARF template which can be downloaded below.

For more information on application fees, please see the Costs of Data Access section.

Glossary of terms
Controller A controller is an individual or an organisation who determines the purpose and manner in which any personal data are, or may be, processed. It is the responsibility of the controller to ensure that any processing of personally identifiable data is safe and secure.

Other terms for a controller include data custodians.

Dataset A dataset is a collection of data.
Data access The process of obtaining access to specific data for uses such as service evaluation, healthcare improvement or research. The conditions under which access to data is granted can vary by project, researcher, and data controller.
Data access request A request submitted by a data applicant to DARG to request access to datasets or parts of datasets for which HQIP is a controller.
Data Access Request Group (DARG) A group within HQIP responsible for considering applications requesting access to specific datasets, and recommending to HQIP whether the proposed access to data should be supported.
Data field This is an individual piece of information which is requested and explicitly listed in the application.
Health data Personal data relating to the physical or mental health of an individual or population, including the provision of health care services, which reveals information about their health status.
Joint controllers There can be more than one controller for a dataset. Joint controllers occur when two or more persons or organisations act together to decide the purpose and manner of any data processing.

We commission and manage national audits and outcome reviews as joint data controllers with NHS England and Digital Health and Care Wales.

Patient data Medical information about an individual, for example: past and present illnesses, treatment history, lifestyle choices, genetic data, social care needs, height and weight, allergies, etc.
Processor A processor is any individual or organisation who processes the data on behalf of the controller. The audit and outcome review providers we commission are processors on behalf of HQIP.

Contact us

You can contact us by email at: [email protected].

For information relating to National Joint Registry data access, please email [email protected]