Providing secure access to data for health research

Our Future Health | 30.05.22

Last month, Professor Ben Goldacre published Better, Broader, Safer, his review into the use of health data in research and analysis for the benefit of patients and the healthcare sector. We were pleased to contribute to the review and agree that there is a real opportunity now to build on achievements made during the COVID-19 pandemic for the wider benefit of UK citizens.

We also agree with Professor Goldacre about the critical importance of establishing and building public trust in the use of health data for research. He sets out clearly the value of establishing trusted research environments. In this blog, we explore our own thinking, which is well aligned with the findings of the review, and explain our approach to making data available securely for research.

Building trust

Our Future Health aims to be the UK’s largest ever health research programme, with an ambitious goal to power the shift towards sustaining health and preventing disease, rather than managing late-stage illness. We know that if we are to succeed, we need to earn and uphold the trust of people who volunteer to join our programme and consent to the use of their data for research.  

As highlighted in the Goldacre review, security and transparency are essential to achieving this. We need to build this trust over the long term by ensuring safe, secure use of the data and samples our volunteers agree to share with us, and by demonstrating how they are helping to deliver long-term public health benefits.  

We are also committed to putting the public’s voice at the heart of our programme throughout its development, including helping us to develop policies around access to our data and samples and co-designing our public-facing materials, such as our participant information sheet and consent form. We do this by working with our Public Advisory Board, holding specific public consultation sessions and ensuring that we have public representation on our other governance boards.   

Making data available for research

Our overarching aim is to help people live healthier lives for longer through better prevention, earlier detection and improved treatment of diseases. To do this, we are creating a world-leading resource for registered researchers to help speed up the discovery of new methods of early detection, and the evaluation of new diagnostic tools, to help identify and treat diseases early, when outcomes are usually better. The data shared with us will only be used for this purpose – to better understand health and disease – nothing else.  

All data that is shared with us is stored in our secure data store, in compliance with all relevant data protection laws. Identifiable data, such as names, addresses and GP details, are removed and securely stored separately. The data is encrypted at all times.

Over the last six months we have been conducting a programme of work to design a secure approach to making these data available for research. Our approach must meet existing strict privacy, security and technical standards, while also ensuring that Our Future Health data can be used to make discoveries crucial for improving public health for the benefit of everyone.   

Along with others in the scientific community like UK Biobank and Genomics England, we have determined that the best approach is to make data available to registered researchers within secure research environments, often described as trusted research environments (TREs). Health research organisations are increasingly choosing to use TREs because they offer a highly secure computing environment, where researchers can access and work with data, but which has very strict controls on what data they can take away. These controls limit what data can be removed, in order to minimise the risk that an individual can be identified. This represents a shift away from the distributed “data sharing” model of sending researchers extracts of data, which could be worked on using the researchers’ own computers. The “data access” model that we will use instead gives the public greater confidence that health data is being accessed securely, only used appropriately and that the privacy of individuals is being protected. This approach is also in line with developments in the evolving UK policy landscape, e.g. it is an important focus of the recommendations in the Goldacre review and the NHS draft Data Saves Lives strategy.

The Our Future Health trusted research environment will be the default route for the majority of researchers accessing our data. We recognise that there could be occasions where it may not be able to meet certain specific research requirements. For example, this may be because organisations already have their own large datasets that can’t be moved for legal reasons, or because they have developed complex software or analytical tools that would be hard, or even impossible, to recreate in our research environment. So, when there is a good reason for doing so and they are able to meet the same strict standards as our own TRE, we will allow other trusted research environments to host de-identified Our Future Health data to run approved research projects. Once a project has been approved, the agreed, de-identified dataset for that project will be securely transferred from our data store to the relevant TRE, either the Our Future Health TRE or another that is equally secure. Data will never be transferred between research environments.

Setting strict standards: accreditation

To make sure that any trusted research environment hosting Our Future Health data meets the necessary data governance, cyber security, operational, privacy and technical requirements, we are developing an accreditation process, based on well-established and well-regarded existing standards and frameworks. Any trusted research environment holding Our Future Health participant data will need to successfully complete this process and achieve accreditation before it receives the data. At the same time, we are developing our researcher registration and access processes, which will determine who can access the data and under what conditions. Only research that is in line with the consent participants have provided, is for public good, and is aligned to Our Future Health’s objectives will be approved. As part of our commitment to transparency, we will publish a list of all approved projects on our website.

Over the last six months, we have been researching and developing both the accreditation process and criteria, gathering views and iterative feedback from a range of stakeholders, experts and the public to help inform our approach. We have also been working closely with those developing TRE policy for the use of health data, including NHS England and HDRUK. 

We are committed to putting the public at the heart of our programme development. So, as well as working with our own Public Advisory Board, we have recently held public workshops, in conjunction with Kohlrabi Consulting, to explore how we can best communicate our approach to data access in a way that makes sense and to seek public input on aspects of our access policy. We will soon be publishing more information on the public workshops on our news site.

We have consulted:

  • data governance, cyber security and legal experts;  
  • others in the wider life sciences ecosystem, including our charity and industry partners; 
  • other health research organisations;  
  • government leads in all UK nations;    
  • our own advisory boards that provide expert guidance on important aspects of our programme, including ethics, science, diversity and technology.  

Our Future Health is also participating in the Regulatory Sandbox run by the Information Commissioner’s Office (ICO), a service that supports organisations which are creating products and services that use personal data in innovative and safe ways. This allows us to draw on expertise and advice from the ICO.

Ensuring participant data is protected

Keeping our participant data safe is of critical importance to Our Future Health. Our researcher registration, access and accreditation processes will work together to help us do this. The “Five Safes” model originally developed by the Office for National Statistics is a helpful way to explain our approach: 

  • Safe People:  Only trained and registered researchers will access the data within a trusted research environment. We will have a researcher registration process which checks the credentials and experience of each researcher and ensures they are trained in data governance and safe data handling processes.  
  • Safe Projects: Data will only be used for ethical, approved projects with a clear public health benefit. All projects and applications to access data will be reviewed and approved by our Access Board.  

The first two “safes” (safe people and safe projects) will both be checked by our researcher registration and our access process.

  • Safe Settings: This means the trusted research environment will have strict technical, administrative, operational, and security controls which manage and monitor all aspects of how it works, and how users interact with it. Our criteria will be based on existing robust standards, such as the international information security standard ISO 27001 Annex A, and data protection legislation (UK GDPR). These will be supplemented with specialist criteria specific to the requirements of Our Future Health.
  • Safe Data: All data in the trusted research environments will be de-identified to protect the privacy of participants. This means that personal information, such as name and telephone number, is removed from the dataset so an individual’s identity is not known to researchers. Additionally, all use of the data within the research environment will be tracked and monitored. Everything any researcher does will be known.  
  • Safe Outputs: There are strict technical and security controls, as well as operational and governance processes, that determine what data can leave the trusted research environment. This is to minimise the risk of data that can identify an individual participant leaving the environment. These include strict data export rules agreed to as part of a legally binding contract and independent checking (auditing) of data exports. 

These final three “safes” (safe settings, safe data and safe outputs) will all be checked by the Our Future Health accreditation process and monitored over time.  

All applications for accreditation – including for our own trusted research environment – will be supported by evidence and reviewed by an independent third party. This will make sure that decisions are fair and impartial. The list of approved projects on our website will also include information on where the project is taking place, i.e. in which accredited TRE the research will be conducted. We will also have an annual review process to ensure these high standards are maintained over time.  

We are now further developing our detailed accreditation criteria and process, drawing on all the inputs we’ve received so far. As we do, we look forward to continuing to work with NHS colleagues as they develop their response to the Goldacre recommendations and finalise the data strategy. We will publish our accreditation criteria and process this summer, along with further information on our access process.