A Trusted Research Environment for Translational Science

The Health e-Research Centre Trustworthy Research Environment (TRE) is a new facility for the secure analysis of health data at The University of Manchester. This cutting-edge facility is directed by the Manchester BRC’s informatics and data sciences cross-cutting theme leadership team, offering a unique interface for the BRC research themes to utilise (Peek; Ainsworth et al). The TRE enables researchers to access and analyse health data while protecting confidentiality of staff and patients, and prevents unauthorised users accessing data at any time.. The data held in the TRE is typically collected in clinical trials, cohort studies, or as part of routine care provision. In all cases any mention of names, addresses, dates of birth, NHS numbers or other person identifying information will be removed before the data is made available to researchers. In addition, the TRE minimises the risks of data leakage by adopting the latest security mechanisms, restricting the importing and exporting of data from the TRE, and the extent of data processing.

Hospitals and GP practices securely enabled to share their data with the HeRC TRE receive a transparent, controlled process for managing data access requests, supported by a meta-data catalogue and services for data provision and archiving. Added advantages are oversight of the users and uses of their data, retaining control over access, and ensuring a collective knowledge of their dataset and resultant efficiency through the analysis platform.

Researchers are granted access through standardised and transparent procedures whilst minimising the proliferation of datasets and the frequency of data transfer. In addition, the TRE aims to retain user productivity and confidence by providing a familiar desktop environment for data analysis.

In March 2018, the TRE was certified to ISO27001 by Lloyd’s Register Quality Assurance (LRQA). ISO27001 is the international best practice standard for information security management. This involves all legal, physical and technical controls in an organisation that contribute to security of information and risk management. A large number of thorough procedures were put in place to fulfil the LRQA requirements, with many employees undergoing training and fastidiously reviewing information. Gaining ISO27001 has already enabled data sharing with NHS Digital and Salford Royal NHS Foundation Trust, allowing secure data analytics projects to take place.

The TRE and its ISO27001 certification maintains Manchester’s position as a leading group in health data and informatics research. It also drives and contributes to the BRC’s aim of developing state-of-the-art art and knowledge management systems to support basic biomedical science and its rapid clinical translation.