Joining up the dots: driving innovation, research and planning through Trusted Research Environments
Simon Madden, Director of Data Policy, and Catherine Pollard, Director of Tech Policy, reflect on NHSX’s plans to champion Trusted Research Environments (TREs) and the crucial role they play in driving forward innovation, planning and research.
NHSX has recently published, in draft form, a single Data Strategy for health and care: ‘Data Saves Lives: Reshaping Health and Social Care with Data’.
The Data Strategy, together with the Life Sciences Vision and Clinical Research Implementation Plan, envisages much more widespread use of the data the NHS generates day to day in driving insight to support population health, resource planning, clinical research and health-improving innovations. To enable this, NHSX is bringing together our partners across the system to detail the role of Trusted Research Environments (TREs) in the health and care system, the standards they must meet and policies to govern their use.
What are ‘Trusted Research Environments’ (TREs)?
TREs are controlled digital environments used to store, or analyse sensitive data securely. Examples include the TRE that NHS Digital is developing to analyse national NHS data assets (including GP data), and the TRE implemented by Genomics England for the 100,000 Genomes Project data. TREs allow analysts and researchers to undertake in-depth analysis on rich, joined up datasets without them seeing any identifiable information. TREs will not be suitable for all uses, and there will be legitimate exceptions, for example where there is patient consent (to be defined as part of our policy work, see below).
What benefits do TREs bring?
The main benefits TREs bring are improvements in data quality, security, transparency and privacy. These features make them critical to winning and maintaining public trust in data-driven planning, research and innovation.
TREs allow for a range of health and care data sources to be linked at scale, and provide tooling for analysing linked data in a standardised and collaborative manner.
Data never needs to leave the data controllers’ systems. Only analysts, researchers and innovators who meet specified requirements are allowed access to TREs. Any tools, platforms or additional datasets brought into these environments can undergo security checks prior to inclusion to ensure they are safe.
TREs are able to record and audit all activity within them, bringing enhanced oversight of data uses and making analyses run available for interrogation and reuse by other users.
TRE security can be enhanced by the use of Privacy Enhancing Technologies, such as tools to facilitate data minimisation. Controls within these environments mean only data which has been agreed as necessary for a project is made available within the TRE for analysis and to ensure it is proportionate and that anonymity is maintained.
Why is NHSX working to support standardisation of TREs?
Health sector organisations (as well as academia and industry) are developing and deploying their own versions of TREs, which provide access to data for analysts in a broad range of ways. However these TREs diverge in their governance and technical implementation (including interoperability). TREs need to conform to consistent standards on access and governance so that patients, the public and health and care professionals can understand what they do and how they work, and have confidence that they control access to data securely. Providing standards for the technical design and deployment of TREs is essential to ensuring interoperability and federation across environments, making them fit for the future. Being clear on where standardisation is needed and where there is room for flexibility will also allow for innovation between different TREs and ensure that collectively, they meet a range of user needs.
How is NHSX bringing together stakeholders across the system?
NHSX has convened a Design Working Group for TREs with experts drawn from ALBs, government departments, academia and independent organisations. Together we are building an evidence-based understanding of the health and care system’s needs from TREs and developing recommendations on policy and standards to meet these needs.
The Design Working Group will be continuously supported by a number of reference groups, composed of TRE users, owners (such as NHS trusts or ICSs) and providers (such as OpenSafely or AIMES). These will make sure outputs from the Design Working Group are comprehensive and practical. NHSX will be responsible for oversight and decision-making. We will also host engagement sessions for a cross-section of the health and care research and innovation community to harness their wider insights and test the group’s emerging outputs against their needs and experience.
Most importantly, we are privileged to have NHSX Patient and Public Voice advisors join these groups, helping to consistently centre their perspective on and needs for this work. We will also leverage the patient and public engagement mechanisms being established through the Data Strategy and its implementation plan, such as patients’ and citizens’ juries, in order to gather further ideas and understand and address any concerns.
What will NHSX deliver from March 2022?
- A minimum technical specification for TREs - covering core areas such as interoperability, cybersecurity and use of privacy enhancing technologies.
- TRE standards and policy - we will create new governance standards and enhance any relevant existing ones. We will also develop policy and best practice guidance for TREs covering for example, when their use will be mandatory and any legitimate exceptions.
- An accreditation framework - detailing the specifications and standards that TREs must adhere to, and how adherence will be assessed and monitored.
We intend to build on the excellent work on TREs by our partners across the health and care system (including HDR UK) and co-produce all these outputs with them. We will continue working closely with NHS Digital and with commissioned health and care localities to test and iterate on these deliverables.
Further, given how essential TREs are to enabling more insight to be derived from health data for public benefit, in a way the public can trust, NHSX is preparing to make significant investment into TREs from 2021/22 onwards. This investment will support NHS Digital’s TRE, create a number of 'real-world’ data TREs, and drive advanced uses of genomics and imaging data.
What does this mean for health data controllers and processors?
All TREs that hold or analyse health and care data will need to conform to the NHSX specifications and standards once these are published. This will be a mandatory prerequisite for the accreditation of any TRE, and to qualify for funding from NHSX to build and sustain them (on behalf of DHSC or NHSEI). Where an TRE will contain NHS data, only those environments that have been accredited may be procured and deployed.
What about existing arrangements for using health data?
Following consultation, we will draw up a roadmap and timetable for the transition to a data use ‘ecosystem’ made up entirely of a relatively small number of accredited TREs. The roadmap and timetable will ensure that existing data use for service improvement, research and innovation is not disrupted during the transition.
- We will be holding webinars for the health and care system this autumn to provide further information on our plan and emerging thinking.
- If you are a user, owner or provider of a TRE and would like to join one of the Reference Groups, please contact us at firstname.lastname@example.org.
- We will shortly be sharing with ICS leaders further details on how to get involved in testing models for real world data TREs, and the expected requirements.
- The final draft of the NHSX Data Strategy for health and care, due to be published in November, will include the first iteration of the policy principles for TRE use, which will underpin the wider outputs of this work.