Common governance model: a way to avoid data segregation between existing trusted research environment

Fatemeh Torabi; Chris Orton; Emma Squires; Sharon Heys; Richard Hier; Ronan A Lyons; Simon Thompson

doi:10.23889/ijpds.v8i4.2164

Common governance model: a way to avoid data segregation between existing trusted research environment

Int J Popul Data Sci. 2023 Nov 8;8(4):2164. doi: 10.23889/ijpds.v8i4.2164. eCollection 2023.

Authors

Fatemeh Torabi^{1

2}, Chris Orton^{1

3

4}, Emma Squires^{1

2

4}, Sharon Heys^{1

5}, Richard Hier¹, Ronan A Lyons^{1

2

5}, Simon Thompson^{1

2

3

5}

Affiliations

¹ Population Data Science, Swansea University, Swansea, SA2 8PP.
² Dementias Platform U, Swansea University, Swansea, SA2 8PP.
³ Health Data Research UK, 215 Euston Road, London, England, NW1 2BE.
⁴ These authors contributed equally to the work.
⁵ SAIL Databank, Swansea University, Swansea, SA2 8PP.

Abstract

Background: Trusted Research Environments provide a legitimate basis for data access along with a set of technologies to support implementation of the "five-safes" framework for privacy protection. Lack of standard approaches in achieving compliance with the "five-safes" framework results in a diversity of approaches across different TREs. Data access and analysis across multiple TREs has a range of benefits including improved precision of analysis due to larger sample sizes and broader availability of out-of-sample records, particularly in the study of rare conditions. Knowledge of governance approaches used across UK-TREs is limited.

Objective: To document key governance features in major UK-TRE contributing to UK wide analysis and to identify elements that would directly facilitate multi TRE collaborations and federated analysis in future.

Method: We summarised three main characteristics across 15 major UK-based TREs: 1) data access environment; 2) data access requests and disclosure control procedures; and 3) governance models. We undertook case studies of collaborative analyses conducted in more than one TRE. We identified an array of TREs operating on an equivalent level of governance. We further identify commonly governed TREs with architectural considerations for achieving an equivalent level of information security management system standards to facilitate multi TRE functionality and federated analytics.

Results: All 15 UK-TREs allow pooling and analysis of aggregated research outputs only when they have passed human-operated disclosure control checks. Data access requests procedures are unique to each TRE. We also observed a variability in disclosure control procedures across various TREs with no or minimal researcher guidance on best practices for file out request procedures. In 2023, six TREs (40.0%) held ISO 20071 accreditation, while 9 TREs (56.2%) participated in four-nation analyses.

Conclusion: Secure analysis of individual-level data from multiple TREs is possible through existing technical solutions but requires development of a well-established governance framework meeting all stakeholder requirements and addressing public and patient concerns. Formation of a standard model could act as the catalyst for evolution of current TREs governance models to a multi TRE ecosystem within the UK and beyond.

Keywords: Trusted Research Environments; data governance; data protection.

MeSH terms

Disclosure*
Ecosystem*
Humans

Grants and funding

This work has been funded by Dementia Platform UK 2 – integrated Dementia Experimental Medicine MR/T033371/1.