Trustworthy Research Environment development
|Researchers involved||John Ainsworth, Niels Peek, Ben Green, Emily Griffiths, Phil Couch, Brian Blower. Previously: Mari Crotty, Stuart Bennett|
|Partners involved||The University of Manchester, Health eResearch Centre, Connected Health Cities, Salford Royal NHS Foundation Trust.|
|Type of project||Infrastructure|
In order to improve healthcare services, GM CHC researchers often need to use patient data in their research. This data is sensitive: it can include confidential information such as patients medical history. All human health data used in our research must therefore be stored and handled safely.
To ensure the safety of the data used in our research, GM CHC has developed the Trustworthy Research Environment (TRE) which provides researchers with a secure place to store, analyse and process health data.
What is the TRE and how does it work?
The Trustworthy Research Environment (TRE), is a secure data analytics facility certified to ISO27001 since 2017 which is hosted on The University of Manchester campus.
The TRE uses a number of strict security controls to prevent unauthorised access and misuse of data. For example, data protected by the TRE is encrypted in transit and at rest, and can only be accessed via virtualised workstations which are isolated from the internet, minimising the risk of data interception. Connections to these virtual workstations is secured via a VPN service and 2-Factor authentication. Each virtual workstation belongs solely to a single project: only the researchers working on that project can access the corresponding data.
The TRE is the only data analytics resource at The University of Manchester that offers a connection to the NHS Health and Social Care Network (HSCN, formerly known as N3). The HSCN is a secure, private network that allows researchers quick and efficient access to NHS data, and allows The University of Manchester to share data and web-based services with staff in NHS organisations. Some of the TRE’͛s data storage, virtual workstations and application servers are hosted on the HSCN, which makes it possible to conduct data processing and analytics keeping all data on the HSCN.
The TRE board oversees all applications to check that each project has necessary permissions to access this data, referring to the “Five safes”: in order to be granted access to data, the project, people involved, data, facility settings and project outputs must all be deemed safe, ethical and responsible. Application review also checks compliance against the CHC safeguards developed by Citizens’ Juries.
The TRE is currently the only service at The University of Manchester that offers an output checking service, which provides an invaluable extra layer of data security ensuring the safety of published outputs. This practice follows other safe settings in the UK. Additionally, the TRE support team offers training in disclosure control so researchers can understand these checks and can bear them in mind when preparing output.
In addition to its numerous security measures, the TRE’s virtual workstations contain professional, integrated data analysis tools such as STATA and R. These tools, combined with the TRE’s strict security measures and direct NHS connection, mean that the TRE is one of the safest, most efficient data analysis resources for researchers working with sensitive data.
What is the purpose of the TRE?
The TRE provides a secure place for researchers to work on their data. The TRE infrastructure has the ability to support demanding computer resource requirements such as multiple processors and large amounts of memory and storage in a scenario where information security is the primary concern. It is not intended to be a substitute to existing UoM CFS services such as Incline.
Information Security is the core principle of the TRE. The TRE’s primary objective is to maintain the:
1) Confidentiality – the data is only accessible to authorised individuals
2) Integrity–ensuring no data becomes lost or corrupted
3) Availability–best efforts to maintain access to the TRE and its data at all times
How has the TRE been used in GM CHC projects?
The TRE has been used by dozens of the Health eResearch Centre and Connected Health Cities͛ (CHC’s) research projects, however applications to use the TRE are also welcome from external
The TRE’s assurance of security to NHS providers played an important role in CHC’s study of wound care data, a project carried out in collaboration with The Alliance Manchester Business School. To carry out the project, researchers must first collect and analyse existing wound care information to identify how it can be improved.
The GM CHC BRIT antibacterial resistance project is an example where the TRE’s HSCN connection has been used to share evidence based knowledge, which supports GPs to optimise their antibiotic prescribing behaviour.
Who benefits from the use of the TRE?
Researchers, providers and patients alike.
Researchers who use the TRE can be confident that the patient data is being handled in a secure way. During CHC’s 2016 Citizens’ Jury meetings, participants expressed concern that the use of patient data in research might lead to data breaches or misuse, by third parties or by individuals within research organisations. The strict limitations that the TRE places on who can view or access data means that patients and providers can feel secure in the fact that their data is being used safely. There are audit trails too to enable monitoring of the compliance of users with the strict rules and regulations of the TRE.