Requesting information from NHSBSA
There are several ways to request information from us.
The Freedom of Information Act (FOI) gives you the right to ask for information held by a public authority. Anyone can ask for this information, and we’ll provide it if it is not exempt from disclosure.
Data protection law gives you the right to ask for information about yourself. This is called a subject rights request. Anyone can exercise this right with us if we hold your personal information.
In your professional role, you may have powers under other UK legislation to request information from us. For example, you may be:
- a counter fraud officer
- a police officer
- in possession of a court order conducting research that requires access to data held by us that does not fall under the Freedom of Information Act, or is patient-identifiable
Freedom of information (FOI) requests
Anyone can request the information we hold. You should first check our publication scheme and our previous requests and responses to see if we’ve already published the information you’re looking for. We publish some information regularly and we publish the responses to all FOI requests. If the information you are looking for is not already published, you can make a new request.
Your FOI request must be in writing, and you must provide your name and contact details.
The easiest way to make a new FOI request is by using our FOI request portal, which will guide you through the process. We’ll normally respond to your request within 20 working days of receiving it.
If you have further questions about our FOI processes or wish to make enquiries about an ongoing request, email us at email@example.com.
Requesting information about you or someone you represent
Data protection law provides you with certain rights regarding your personal information, such as the right to receive a copy of the information we hold about you.
You can request that your information be:
- changed, if you believe it was not correct at the time you provided it
- deleted, if you believe we are keeping it for longer than necessary
You must provide us with details that will help us find your personal information, and by law, we must confirm who you are before processing your request.
The easiest way to make a rights request is by using our subject rights request portal.
You can make a request:
We’ll normally respond to subject rights requests within one calendar month, but this could be up to 3 months for large or complex requests.
If you have any questions about our subject rights request process, or want to ask about any ongoing request, email us at firstname.lastname@example.org.
Find out about your rights and how we use your information.
Requesting patient-identifiable data for research purposes
If you are conducting research and wish to request patient-identifiable data we hold, you must first discuss your research project with the NHS Health Research Authority.
You must apply to the relevant research ethics committee for approval. Proof of this approval must be supplied as part of your application.
If you want to link our primary care data with Hospital Episode Statistics (HES) sensitive patient-identifiable data, complete the DARS application process at NHS Digital.
Read our data for data for research application form (Word: 578KB) and research board terms of reference (Word: 2.1MB).
Email us at email@example.com to discuss your request and include any relevant documents - the ethical approval or your legal basis for requesting patient-identifiable data, for example.
Complete the application form, including purchase order details, and email it to firstname.lastname@example.org.
Our research board reviews all requests. They decide if it meets the requirements and if we can support it. We’ll give you a reason if we're unable to support your request at the time of application. These reviews usually take 6 to 8 weeks. This may take longer, depending on our resource availability and the complexity of the request.
There will be a non-refundable charge for reviewing your request. If your request is approved, there will be additional charges to cover the cost of processing and delivering the data.
Request non-identifiable patient data or data from multiple sources not covered by FOI
If data is not published and not available through Freedom of Information you must complete our application for requesting data form (Word: 227KB).
Submit all requests by email to:
- email@example.com for dental requests
- firstname.lastname@example.org for prescribing data requests
- email@example.com for ophthalmic requests
We’ll review your application and, if it contains the appropriate detail, we'll arrange an appointment to discuss anything that needs to be considered for your application to progress.
Some important elements of an application that often require further discussion include:
- the legal basis under which you access the data
- technical feasibility - whether we can provide what is being requested
- the purpose for wanting the data, including what benefits will be yielded for health and social care in the UK
The application will be sent back to you if more information is required in any of these areas.
We'll work closely with you to capture the necessary detail in your application.
You will then resubmit your application with the additional information included.
We do not charge for data, but we do apply charges to cover the cost of processing and delivering the service. We make sure charges are applied fairly and consistently, broadly determined by the amount of effort and approvals required.
Charges are calculated on 4 key service components, which are the:
- type of application
- volume of data requested
- number of times throughout the agreement that you require data to be disseminated
- nature of the service requested
Costs are based on a daily rate of the analytical resource involved. Each request will be individually costed, including a charge for assessing the request.
Actual costs will be confirmed at the end of the application process and formally agreed before work commences.
The importance of using data
We recognise the importance of using data to benefit public health. It’s important to use data in an ethical, controlled, and consensual way.
Our policies make sure that data used for public health research remains confidential.
All requests for data are subject to the provisions outlined in:
- Common Law Duty of Confidentiality
- data protection legislation
- the Caldicott principles
- the Information Commissioner’s statutory data sharing code of practice (PDF: 1.3 MB)
- the national data opt-out programme.
Find out more about our governance framework.