How we make data available for research
TREs offer a highly secure computing environment, where researchers can access and work with de-identified data (data where identifiable information like name, date of birth or postcode have been removed). No data may be removed except results of research. TREs have strict controls that minimise the risk that an individual person can be identified, and the actions of researchers are monitored to ensure our rules are followed. This approach is designed to make sure that health data is being accessed securely, used appropriately, and that people’s privacy is being protected.
Researchers will only be allowed to access data once they have registered with Our Future Health. The registration process checks the credentials and experience of each researcher and ensures they are trained in data governance and safe data handling processes. Researchers must sign an agreement to follow our rules, and are legally bound to follow the rules of the UK General Data Protection Regulation.
All research studies must be reviewed and approved by our Access Board. Studies are approved for a specific period of time, and registered researchers will only be able to access the relevant data for this time period. A list of all approved research studies will also be published on our website.
Read more about our approach to providing secure access to data for health research here.
Our Future Health will provide a TRE which will be the default way for most researchers to study the data we collect. We are working closely with the researcher community to ensure our TRE is useful for the widest possible range of researchers. Our TRE aims to speed up research and to maximise the value and potential impact of discoveries on prevention, early detection and treatment of diseases.
There could be times when the Our Future Health TRE may not be able to meet certain specific research requirements. For example, where organisations have developed complex software or analytical tools that would be hard, or even impossible, to recreate in our research environment. So, in limited scenarios, and where other TREs can meet the same strict standards as the Our Future Health TRE, we will allow other TREs to host consented, de-identified Our Future Health data to run approved research studies.
We have developed a robust accreditation process to ensure that all TREs hosting Our Future Health data meet the necessary standards of data governance and cyber security, as well as operational, privacy and technical requirements to receive Our Future Health data. This is based on existing, well-established standards and frameworks such as the Office for National Statistics Five Safes framework, the UK General Data Protection Regulation, and international cyber security standard ISO 27001. All TREs must successfully complete this process and achieve accreditation before they can receive Our Future Health data. All the same rules and controls mentioned above apply to any TRE that is accredited to receive Our Future Health data. This includes the rules on researcher registration, access board study approval, and the strict controls around what data may be removed from the TRE.
An external organisation, Dionach Ltd, will assess accreditation applications and supporting evidence. Dionach Ltd is a global provider of information security solutions, is ISO 27001 certified, is a PCI-Certified security assessor, and is approved by the Council for Registered Ethical Security Testers.
A full list of all TREs where your data is stored is available here.
How to apply
Accreditation is open to all research organisations, except large commercial organisations that are not Our Future Health founding members. You can read more about our agreements with founding members here.
Examples of organisations that are eligible to apply include: academic institutions; charities; and NHS organisations; small and medium size enterprises (companies with fewer than 250 employees and either a turnover of less than €50m and/or a balance sheet of less than €43m); and our founding members. To be eligible, the organisation must conduct research studies.
To begin the application process, please send your completed declaration of interest form (available below) to email@example.com. Our Future Health will assess your eligibility to apply, and once this is confirmed you will receive the full suite of application documents (also available below), and instructions on how to submit the self-assessment questionnaire and evidence.
Core application documents:
- Accreditation policy V1.4
- Accreditation of a TRE standard operating procedure V1.4
- TRE accreditation self assessment questionnaire (read-only)
- TRE accreditation fee V1.0
- TRE accreditation change control standard operating procedure V2.1
- Account management of an accredited TRE standard operating procedure V1.3
- Invalidation of accreditation standard operating procedure V1.4
You can read more about the launch of the TRE accreditation process here.
How we protect your information and privacy
Watch this short video for an overview of how we protect the data of everyone who joins our programme