The 5 principles that keep our volunteers’ data safe
When members of the public sign up to Our Future Health, they make an important decision. They agree to share their health information so that researchers can make scientific breakthroughs for the public good.
Every single volunteer puts their trust in Our Future Health to keep their data safe – and we take our duty incredibly seriously. From Day 1 of our programme, we have designed industry-leading systems and processes that ensure our volunteers’ information is only used to better understand health and disease. Nothing else.
Crucially, our systems and processes use a combination of automated and manual controls, to provide a layered approach that delivers robust safety and security. They can be grouped under 5 key principles, known by data and security professionals as the 5 Safes Framework.
- Safe data. We de-identify our volunteers’ data, and store it to strict security standards.
- Safe people. We thoroughly review researchers, their organisations, and the country they and their organisation are based in before granting access.
- Safe projects. Our independent Access Board reviews every project and only approves research that is in the public good.
- Safe settings. We only make our data available in highly secure computing environments.
- Safe outputs. We use an ‘airlock’ in our trusted research environment (TRE), where we manually check the files that researchers wish to take out of the TRE. Only research findings which are effectively anonymised can be exported.
Our video explains how researchers safely access approved data for their research. You can also read on to learn more about the security that each safe provides.
Safe data
We store and manage our volunteers’ health information to the highest industry and professional standards, and in compliance with data protection laws.
All the data we store in our TRE is de-identified. Information such as volunteers’ names and addresses is removed. The de-identified data is then encrypted, stored and backed up to international security standards.
Researchers can analyse someone’s health information without seeing the direct identifiers (e.g. name, email address) that would reveal who that person is.
Safe people
We tightly control which researchers are allowed to analyse our volunteers’ data.
Our Access Team checks the credentials and experience of every researcher who applies to register with Our Future Health. Researchers must prove that they are from a university, the NHS, a charity, or organisations involved in health research. We then check the suitability of the organisations themselves.
Our Future Health is only available to researchers and organisations in countries and territories which are considered to have the same or similar data protection levels as the UK. We do not allow access to data for researchers based in countries that do not meet these requirements, including China. More information can be found on our Territories of access page.
Researchers must also demonstrate that they are trained in data governance.
If the researcher passes our initial background checks, they are then able to submit a detailed application for a specific study, which brings us to ‘Safe projects…’
Safe projects
An independent Access Board reviews every application from researchers to study our volunteers’ data. The Board includes experts, members of the public, and volunteers, to make sure a wide range of views are heard.
The Board only approves health-related research that is in line with the consent our volunteers provide. Researchers must prove their study is for the public good to be accepted.
Access is approved for a fixed period of time, under the terms of a legal contract. Researchers are limited to analysing only the data they need to see for the purpose of their study – we do not give all researchers access to all our data.
We publish a full list of approved studies online.
Safe settings
When registered researchers have a study approved, they can only carry out their work within an accredited trusted research environment (TRE). These are secure computing environments that are strictly controlled and monitored, so that no data may be removed except results of research.
Our team of experts make sure the data is only used by registered researchers with approved studies.
There are tight cyber security controls and monitoring in place to keep our TRE secure. There is also regular independent testing to ensure our controls are effective.
Safe outputs
When researchers want to export their findings from the Our Future Health TRE, they must use our ‘airlock’. The airlock means nothing can leave our TRE until it has been checked and approved by a qualified member of our team. It helps researchers to safely transfer research findings, while protecting our volunteers’ privacy.
Adam Steventon, our Chief Data Officer, explains, “Our Airlock team is there to ensure participant data stays within our TRE, but they are also a support team for researchers. They help research teams get the best outputs whilst ensuring that participant data is kept private and safe.”
To use the airlock, researchers must first submit a request. These are manually reviewed by our Airlock Reviewers, who check that the findings are aligned with the aims of the study. The team also examines the output in detail, to make sure that the only things leaving our environment are research findings, and not the data itself.
We only allow export of the types of results which are effectively anonymous and maintain confidentiality. “The process can take time and involve some back-and-forth with researchers,” explains Marko Balabanovic, our Chief Technology Officer. “We know it can cause researchers some frustration, but at the moment reviewing these requests ‘by hand’ is simply the safest way to do it. We continue to work hard to put in a range of different steps and safeguards to keep data safe, and we will carry on refining our approach as a priority. The safety of our volunteers’ data is the most important thing.”
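As an added illustration, not Our Future Health’s own tooling, the Python below shows the kind of automated pre-screen that could run on a requested export before an Airlock Reviewer looks at it by hand: it flags direct identifier columns, tables that look like record-level rather than aggregate data, small cells that could single out an individual, and stray email addresses. The sample file, the threshold of 10 and the identifier column names are assumptions made for the example.

```python
import csv
import io
import re

# Constructed example of an export request: an aggregate results table that a
# researcher asks to take out of the TRE. Not a real Our Future Health file.
SAMPLE_EXPORT = """condition,age_band,count,mean_bmi
diabetes,40-49,812,29.1
diabetes,50-59,1204,30.4
hypertension,80-89,3,27.9
"""

# Assumed policy values for illustration; a real airlock sets its own rules.
MIN_CELL_COUNT = 10
DIRECT_IDENTIFIERS = {"name", "email", "address", "postcode", "nhs_number", "date_of_birth"}
COUNT_COLUMNS = {"count", "n"}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def screen_export(csv_text):
    """Pre-screen a requested export. Returns a list of findings for the human
    reviewer; an empty list means the automated checks found nothing."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    rows = list(reader)
    columns = [c.strip().lower() for c in (reader.fieldnames or [])]
    # 1. Direct identifiers should never appear in an output table.
    for col in columns:
        if col in DIRECT_IDENTIFIERS:
            findings.append(f"direct identifier column present: {col}")
    # 2. A results table with no count column may be record-level data.
    count_cols = [c for c in columns if c in COUNT_COLUMNS]
    if not count_cols:
        findings.append("no aggregate count column; file may contain record-level data")
    for lineno, row in enumerate(rows, start=2):
        lowered = {k.strip().lower(): v for k, v in row.items() if k is not None}
        # 3. Small cells can identify individuals even in aggregate output.
        for c in count_cols:
            try:
                n = int(lowered[c])
            except (TypeError, ValueError):
                findings.append(f"line {lineno}: non-numeric count in '{c}'")
                continue
            if 0 < n < MIN_CELL_COUNT:
                findings.append(f"line {lineno}: small cell count {n} in '{c}'")
        # 4. Free-text cells may carry identifiers such as email addresses.
        for c, v in lowered.items():
            if isinstance(v, str) and EMAIL_RE.search(v):
                findings.append(f"line {lineno}: email address in '{c}'")
    return findings


if __name__ == "__main__":
    for finding in screen_export(SAMPLE_EXPORT):
        print(finding)
```

A finding does not block the export by itself; it tells the reviewer where to look first, and the manual check described above still decides.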