Skip Navigation
Search site

This is our old website. Most information can now be found on our new NHS Digital website. Let us know what you think.

DARS Process

The DARS process consists of five stages:

  • Application
  • Approval
  • Access
  • Audit
  • Deletion


The application stage sets out the nature of the requested data and the purpose for which it is being requested.

There are five steps within the application stage:

  • Read through the pdf icon pre-application checklist [194kb]
  • Contact us on 0300 303 5678 or email to discuss your data access request requirements
  • Complete the application using the pdf icon guidance [454kb] and submit together with supporting documentation
  • The DARS team will review the application and, if it contains the appropriate detail, will schedule an appointment to discuss your application. During the meeting any actions that need to be completed in order to progress your application will be captured
  • Together we complete any necessary actions to move into the approvals stage

When an application for data is submitted, we complete an initial review looking at the following key areas:

  • The legal basis under which you access the data
  • The security of your data handling and storage systems
  • Technical feasibility - whether we can provide what is being requested
  • The purpose for wanting the data

An application is referred back to the applicant where more information is required in any of these areas. The application would then need to be resubmitted with the additional information included. 


The approval stage verifies that there is an appropriate legal basis for accessing the requested data and that appropriate safeguards are in place to ensure that you will store and handle data safely and securely.

All new applications, including those where a pdf icon Data Sharing Agreement [62kb] exists, will be presented to the Data Access Advisory Group (DAAG)

There are four steps within the approvals stage:

  • The application is assessed prior to submission to DAAG by the Information Asset Owner (IAO) or a representative, with any necessary actions discussed and completed. 
  • The application is presented for a final pre-DAAG review
  • The application is formerly presented to DAAG by the IAO
  • Potential outcomes will include:
    • Recommendation - a Data Sharing Agreement is produced for your signature and the application moves into the access stage
    • Recommend with caveats - the IAO will discuss actions and timescales with you in order to re-present at DAAG
    • Deferred - the IAO will discuss actions and timescales with you in order to re-present at DAAG
    • Withdrawn - the IAO will discuss actions and timescales with you in order to re-present at DAAG
    • Rejection - the IAO will notify you and discuss next steps

 The exception to this is those applications requesting access to more of the same non-identifiable data, or to hold the same non-identifiable data for longer. For these cases, the application will be assessed and approved by the IAO and Director for Data Dissemination.


There are three steps within the approvals stage:

  • The Data Sharing Agreement is signed by you and HSCIC
  • The data, with patient objections upheld as appropriate, is produced, reviewed and signed-off by HSCIC, or the data service access is granted
  • The data is made accessible, either by secure file transfer or the HES Data Interrogation System

Once the application has been initially reviewed (step 4 in the application stage), it is subject to our 'Service Levels'. We only pause the elapsed time when we require further detail, such as a more explicit articulation of the purpose, or when approvals are required from an external body (such as Approved Researcher status from ONS).

Our service response times are as follows:

  • 14 working days - for standard requests, like extensions to existing agreements
  • 30 working days - for medium requests, such as tabulated data for small numbers suppressed
  • 60 working days - for complex requests, including identifiable data across a series of datasets

A dashboard offering analysis of our performance in managing requests for access to data is undergoing review and will be reintroduced shortly. A separate link will follow.


We carry out data sharing audits to check that our customers are meeting the obligations in their contract and pdf icon Data Sharing Agreement [62kb]

Deletion of data

All data must be deleted when a Data Sharing Agreement or Data Sharing Framework Contract expires and is not renewed. A pdf icon Certificate of Destruction [113kb] needs to be completed and returned to

Further guidance is available in the pdf icon security notes [510kb] document

Help and advice

For support and advice on the DARS process please contact us on 0300 303 5678 or email 

Close iCM Form