Error message

Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in menu_set_active_trail() (line 2405 of /homepages/3/d274688683/htdocs/devdrupalseven/includes/

Submit data access request to SHIP

How to complete the SHIP data access application form

When SHIP goes live at the end of 2012 the application form will be available here.

An annotated exemplar version of the form to help guide you through completing your own form can be accessed here

What will happen to your application now?

Before you are given access to the dataset your data access application will need to obtain the necessary approvals. This authorisation process is outlined in the diagram below. More information about the process outlined in the diagram can be found in the information under the diagram.

SHIP Data Access Authorisation Process Diagram


1. Submit your data access application to the SHIP Research Co-ordinator.

After you have completed all of the steps outlined in this route-map, you should submit your data access to SHIP, assisted by the SHIP Research Co-ordinator. You can access the data access application form at the top of this page.

2. The SHIP Research Co-ordinator will send your application to the data custodian.

On receipt of your data access application the SHIP Research Co-ordinator will assist in the examination of your data access application and determine whether it is robust and in accordance with the SHIP SOP. If it is they will pass your application on to the data custodian (in terms of the Data Protection Act, the data controller) who controls the data you are seeking to access.

3. The data custodian will consider your application and will balance any security and privacy risks with the public interest in the research.

At this stage the data custodian will look to the privacy risk assessment that you, the researcher, have already carried out. They will add into this any concerns of their own that they may have. If, after considering all of the relevant factors, it is decided that the information should be disclosed, the data custodian must only agree to disclose the minimum of information necessary to achieve the objective of the research project.

The data custodian might decide it is necessary to impose additional access conditions. For example, they may specify that you must only use anonymous data, or that you must use a SHIP Safe Haven to access the data. You should try to avoid having any extra conditions imposed on your data access by offering in your application to take steps, such as the use of a Safe Haven, which you think may be appropriate.

It is possible that in some circumstances the data custodian will refuse your data access application. This may be because they do not think that your research project is in the public interest or it may be because they think your proposed data access raises too many security concerns. You can try to avoid this happening by taking steps such as, for example, only requesting to access the minimum amount of information necessary to achieve the objective of your research project, clearly outlining in your application what the public benefit of your research project is, and undertaking to take certain security precautions in relation to your data usage.

Even if data access is approved by the data custodian, the data will not be provided to the researcher by the data controller until all of the necessary approvals have been obtained.

The data custodians in the NHS are Caldicott Guardians.  Any request for identifiable data which is held by the NHS therefore requires specific Caldicott approval.  However, if you are accessing data through SHIP, the Caldicott Guardians work closely with SHIP andand are moving towards a more streamlined process for approval. The Caldicott Guardians will however sometimes check a sample of applications.

For more information please see the station in route-map 4 called ‘assess privacy risk of data request.’

4. The SHIP Research Co-ordinator will incorporate any additional access conditions imposed by the data custodian into the data access application. They will also advise the researcher on any ethical approvals which need to be sought.

You may need to obtain approval for your research project from both or either a Research Ethics Committee or NHS R&D committee.

Research Ethics Committee

Approval from a Research Ethics Committee must normally be sought for the use of identifiable data and sometimes for the use of anonymous data. However the use of anonymised data will be much easier to justify, both legally and ethically, than the use of identifiable data. SHIP is working closely with the National Research Ethics Service to further streamline the processes.

For more information please see the guidance page on Research Ethics Committees.

NHS R&D approval

NHS R&D approval will be required where NHS resources, staff time or patients are involved. 

If ethical approval for your research project is refused then you will need to amend and re-submit your research proposal and data access application.

5. The SHIP Research Co-ordinator can advise on the SHIP triage process whereby SHIP assigns a privacy risk category to your application.

The SHIP triage process is the process carried out after you have submitted your data applicationand after the data controller has set any conditions for access. The process involves an examination of any privacy risks which could arise from your proposed data access and use and will assign a privacy risk category to your application accordingly. The fewer concerns that are raised, the lower the privacy risk category that will be assigned.

The consequences of an application being assigned a particular the risk category are threefold:

  1. This determines the authority responsible for authorising the data use.  For categories 0 and 1 approval will be given without any further review, for category 2 a ‘fast track review’ will be conducted by PAC, and for category 3 a full review will be conducted by PAC.
  2. The lower the risk category,  the more likely it is that the researcher will be granted data access and that access will be granted quickly.
  3. The lower the risk category, the fewer the additional conditions that may be attached to the data use.

These are summarised in the following table:

6. PAC will review your data access application.

If your privacy risk category is ‘2’ or ‘3’ your application will be sent to the Privacy Advisory Committee (PAC) for approval. If your privacy risk category is ‘2’ it will need to be reviewed by PAC, but this will be a ‘fast track review.’ However if your privacy risk category is ‘3’ then a full review by PAC will be required.

PAC will either (a) approve your data access application, (b) set conditions for data access or (c) refuse your application.

For more information please see the guidance page on PAC.

7. SHIP Research Co-ordinator will communicate the results of the PAC approval process to the researcher and data custodian and will advise on the co-ordination the release of the data within the SHIP framework.

8. When the data custodian is satisfied that all of the necessary approvals are in place, they will release the data either directly to the researcher of to the SHIP Safe Haven.

Return to top of page

Sign a Data Sharing Agreement

A data sharing agreement is a legally binding agreement describing the terms and conditions of disclosure of specific data in the context of a relationship between organisations. Before you recieve your data and commence your research project you must have signed this agreement.

The agreement must be co-signed by a representative of the researcher's institution.  The co-signatory must have the authority to take the necessary responsibility on behalf of their institution.

The SHIP Data Sharing Agreement can be accessed here.

Return to top of page

Return to route-map