In 2020, the UK Health Data Research Alliance (UK HDRA) released a green paper outlining the importance of and concepts behind a Trusted Research Environment (TRE). TREs are secure computing environments that manage sensitive patient data while allowing access to researchers, and are increasingly vital tools in enabling collaborative research. At BC Platforms, we are fully aware of the importance and challenges of maintaining the security of patient data, and have therefore designed solutions which meet the demands of all the TRE concepts.
As part of the UK HDRA green paper, the “Five Safes” model was described to explain how to ensure privacy:
- Safe People
- Safe Projects
- Safe Settings
- Safe Outputs
- Safe Data
In this blog post, we will discuss what these characteristics refer to and how BC Platforms solutions are able to support each of them.
It is important that TREs are able to track individuals and organisations, so that data access and usage are restricted to accredited users. This can be achieved via BC|RQUEST, a federated search portal and project management solution, where users can register their interest in a project or study dataset, upload their accreditation, and track their progress through a phased certification process, in order to be deemed “Safe People”.
BC Platforms can also assist with centralised certification processes. In fact, BC|RQUEST is already being used by the Health Data Research (HDR) Gateway to offer federated queries across multiple UK datasets, including COVID-19 datasets.
Another feature of TREs is that data access is linked to projects, and project approvals as well as research activity are visible to the public and/or research participants. This public service of tracking and then broadcasting permitted research activity can be facilitated by BC|RQUEST in two ways:
- i) all activity occurring inside a project in our centralised “Safe Setting” is logged and a subset of this information can be made accessible to the public on TRE approval, and
- ii) the notification of a Patient Advocacy Group (or any organisation with the responsibility to broadcast research information to patients) can be included as a mandatory step in the approval workflow of a new research project in BC|RQUEST.
TREs need to be secure as well as easy to use. BC|RQUEST.com is both a project and access management tool and a federated search query tool. Users can browse a variety of data collections and build cohorts using drag and drop to define inclusion and exclusion criteria. Meta-analysis can be performed across these cohorts on clinical and genomic data using various analytical approaches, without data ever leaving the environment of the data custodian (the owner of the data “collection”).
BC Platforms enables this federated approach via BC|LINK (Figure 1), which runs any analysis requests behind the data custodian’s firewall and returns a simple count to the RQUEST search portal, ensuring a Safe Setting because the detailed patient data never leaves its original environment. This is the architecture currently in place to support the HDR UK Gateway Portal.
Figure 1. Supporting Safe Setting: While data does not leave the original environment, approved users are allowed to access via BC|RQUEST and BC|LINK.
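The federated pattern above (criteria go out to each custodian, only an aggregate count comes back) can be sketched in a few dozen lines. The following is an added illustration and is not BC|RQUEST or BC|LINK code: the custodian node, the query format, the record fields, and the small-cell suppression threshold MIN_COUNT are all this example's own assumptions, and the sample records are constructed, not real patient data. The portal side also checks that a node reply contains nothing but an aggregate, which is the property the Safe Setting relies on.

```python
"""Federated cohort count: the query travels, the records do not.

Added example, not BC Platforms code.  Record fields, query format and the
MIN_COUNT suppression threshold are assumptions made for illustration.
"""
import operator
from dataclasses import dataclass, field

# Assumption: counts below this are suppressed so a tiny cohort cannot
# single out an individual.  The page does not state a threshold.
MIN_COUNT = 5

_OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
        "<=": operator.le, ">": operator.gt, "<": operator.lt}


def _matches(record, criterion):
    """Evaluate one criterion {"field", "op", "value"} against one record."""
    value = record.get(criterion["field"])
    if criterion["op"] == "has":            # set membership, e.g. a diagnosis code
        return criterion["value"] in (value or ())
    return _OPS[criterion["op"]](value, criterion["value"])


@dataclass
class CustodianNode:
    """Runs behind the custodian's firewall and holds the record-level data."""
    name: str
    records: list = field(default_factory=list)

    def count(self, query):
        """Return {'count': n} or {'suppressed': True}; never rows."""
        hits = [r for r in self.records
                if all(_matches(r, c) for c in query["include"])
                and not any(_matches(r, c) for c in query["exclude"])]
        if len(hits) < MIN_COUNT:
            return {"suppressed": True}
        return {"count": len(hits)}


def federated_count(nodes, query):
    """Portal side: fan the query out, validate the reply shape, sum counts."""
    per_node, total = {}, 0
    for node in nodes:
        reply = node.count(query)
        # A reply may carry only aggregate fields; anything else is a leak.
        if set(reply) - {"count", "suppressed"}:
            raise ValueError(f"{node.name} returned non-aggregate fields: {reply}")
        per_node[node.name] = reply
        total += reply.get("count", 0)
    return {"per_node": per_node, "total": total}


# Constructed sample query: type 2 diabetes (E11), age 50 or over,
# excluding anyone with chronic kidney disease (N18).
SAMPLE_QUERY = {
    "include": [{"field": "age", "op": ">=", "value": 50},
                {"field": "dx", "op": "has", "value": "E11"}],
    "exclude": [{"field": "dx", "op": "has", "value": "N18"}],
}


def build_sample_nodes():
    """Constructed records for two hypothetical custodians; not real data."""
    trust_a = CustodianNode("trust_a", [
        {"pid": "a1", "age": 61, "dx": {"E11", "I10"}},
        {"pid": "a2", "age": 45, "dx": {"E11"}},
        {"pid": "a3", "age": 70, "dx": {"E11", "N18"}},
        {"pid": "a4", "age": 52, "dx": {"E11"}},
        {"pid": "a5", "age": 58, "dx": {"E11"}},
        {"pid": "a6", "age": 66, "dx": {"E11", "I10"}},
        {"pid": "a7", "age": 50, "dx": {"E11"}},
        {"pid": "a8", "age": 75, "dx": {"E11"}},
        {"pid": "a9", "age": 80, "dx": {"I10"}},
    ])
    trust_b = CustodianNode("trust_b", [
        {"pid": "b1", "age": 63, "dx": {"E11"}},
        {"pid": "b2", "age": 55, "dx": {"E11"}},
        {"pid": "b3", "age": 49, "dx": {"E11"}},
        {"pid": "b4", "age": 72, "dx": {"E11", "N18"}},
    ])
    return [trust_a, trust_b]


if __name__ == "__main__":
    print(federated_count(build_sample_nodes(), SAMPLE_QUERY))
```

With these constructed records trust_a reports 6 and trust_b, which matches only two patients, reports suppressed rather than 2. The portal never sees a `pid`, and the reply-shape check turns any accidental row leakage from a node into a hard failure rather than a silent disclosure.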
For projects where additional analytical tools are required or researchers wish to easily add their own data, we are able to support this by providing BC|INSIGHT together with BC|RQUEST (Figure 2). BC|INSIGHT provides a powerful set of inbuilt algorithms that are optimised to work on large volumes of clinical and genomic data. BC|INSIGHT also provides RStudio and Jupyter Notebook integration, in addition to a long list of APIs, so that researchers can use specific tools to perform the analysis or upload their own data.
Figure 2. BC|INSIGHT enables additional analytic tools while BC|SAFEBOX serves as an airlock to ensure data security and study-specific system access in the TRE.
With this expanded set of functionality comes the need to lock down the environment and prevent data from being exported, referred to as an “Airlock” in the green paper. BC|SAFEBOX is such an airlock: a remote desktop environment that users must log in to before they can reach the BC|INSIGHT environment. Because the analysis runs inside that remote desktop, external internet access can be restricted and unwanted downloads prevented, so the only route out of the TRE is the controlled output channel. Data custodians retain full control over their data and are able to remove data at any point.
Finally, these different solution components are also available as Docker containers that can be deployed as part of a Kubernetes cluster, enabling ease of installation and consistency with current cloud architecture practice and cloud elasticity/scalability options.
To validate the above solution architecture, BC Platforms has already taken part in multiple Data Protection Impact Assessments (DPIAs), which we view as an important part of our role as “Data Processor” under the terms of GDPR.
For a TRE to operate with public trust, the data must have been appropriately de-identified. While BC Platforms can play a role in helping to validate the absence of identifiers, it is down to the data custodians who contribute data to the TRE to ensure they have appropriately de-identified their data and that they have gathered any necessary consents from the study participants. Note that pseudonymised data, where a key held elsewhere could still link records back to individuals, remains personal data under GDPR, so the custodian’s obligations do not end once direct identifiers have been removed.
Additionally, BC Platforms offers encryption of data in-transit and at-rest in all our standard products to help keep patient data safe and secure.
Our solutions keep an exhaustive set of audit logs for all user actions in the system. These can be integrated with monitoring tools such as Grafana or Splunk, so that the review and approval of result data sets produced by researcher analysis can be partly automated, supporting Safe Outputs.
For TREs where return of results is possible, results can be returned safely to assist in clinical diagnosis by keeping only pseudonymised keys inside the TRE, with the table linking each pseudonym to the original patient key held by the custodian outside the TRE. Results leave the TRE tagged only with pseudonyms, and the link back to a patient is made outside the environment.
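The pseudonymisation arrangement just described, as an added example that is not BC Platforms code: the custodian derives a pseudonym per patient with a keyed HMAC and keeps both the secret key and the pseudonym-to-patient table outside the TRE, the TRE receives only pseudonyms plus the clinical fields, and a result set coming back out is re-identified on the custodian side. The column names, the choice of HMAC-SHA256, and the set treated as direct identifiers are this example's assumptions; the records are constructed, with made-up patient numbers.

```python
"""Pseudonyms inside the TRE, key and link table outside.

Added example, not BC Platforms code.  Column names, the HMAC scheme and
the DIRECT_IDENTIFIERS set are assumptions made for illustration.
"""
import hashlib
import hmac
import secrets

# Assumption: columns that must never enter the TRE.
DIRECT_IDENTIFIERS = {"nhs_number", "name", "dob", "postcode"}


class Custodian:
    """Holds the HMAC key and the pseudonym -> patient table outside the TRE."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # never copied into the TRE
        self._link = {}                       # pseudonym -> nhs_number

    def pseudonym(self, nhs_number):
        # Keyed HMAC rather than a plain hash: without the key, a pseudonym
        # cannot be recomputed from a known patient number.
        digest = hmac.new(self._key, nhs_number.encode(), hashlib.sha256)
        p = digest.hexdigest()[:32]
        self._link[p] = nhs_number
        return p

    def prepare_for_tre(self, records):
        """Strip direct identifiers and attach a pseudonym to each record."""
        out = []
        for r in records:
            row = {k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
            row["pseudo_id"] = self.pseudonym(r["nhs_number"])
            out.append(row)
        return out

    def reidentify(self, result_rows):
        """Return-of-results step, run outside the TRE by the custodian."""
        return [{"nhs_number": self._link[row["pseudo_id"]],
                 **{k: v for k, v in row.items() if k != "pseudo_id"}}
                for row in result_rows]


def check_no_direct_identifiers(rows):
    """TRE-side gate: list any direct-identifier columns present (empty is good)."""
    present = {k for r in rows for k in r}
    return sorted(present & DIRECT_IDENTIFIERS)


def tre_analysis(rows):
    """Inside the TRE: flag E11 patients aged 60+; output carries pseudonyms only."""
    return [{"pseudo_id": r["pseudo_id"], "flag": "review"}
            for r in rows if "E11" in r["dx"] and r["age"] >= 60]


# Constructed sample records; patient numbers and names are made up.
SAMPLE_RECORDS = [
    {"nhs_number": "0000000001", "name": "A. Example", "dob": "1958-03-02",
     "postcode": "AB1 2CD", "age": 66, "sex": "F", "dx": ["E11"]},
    {"nhs_number": "0000000002", "name": "B. Example", "dob": "1983-07-19",
     "postcode": "EF3 4GH", "age": 41, "sex": "M", "dx": ["I10"]},
    {"nhs_number": "0000000003", "name": "C. Example", "dob": "1952-11-30",
     "postcode": "IJ5 6KL", "age": 72, "sex": "M", "dx": ["E11", "N18"]},
]


if __name__ == "__main__":
    custodian = Custodian()
    tre_rows = custodian.prepare_for_tre(SAMPLE_RECORDS)
    print("identifiers in TRE copy:", check_no_direct_identifiers(tre_rows))
    print(custodian.reidentify(tre_analysis(tre_rows)))
```

The `Custodian` object stands in for the custodian's own environment; only the list returned by `prepare_for_tre` crosses into the TRE, and `check_no_direct_identifiers` is the gate a TRE would run on ingest. Because the pseudonym is deterministic for a given key, records for the same patient arriving in separate batches still join inside the TRE, while the key rotation or deletion of `_link` by the custodian is what breaks the link permanently.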
We also offer clinically validated pipelines and interpretation tools such as BC|GENOME and BC|PREDICT, and BC Platforms is certified to an ISO standard for medical devices for this reason.
Ensuring safe and secure research with TREs
Access to data via TREs will help to protect the privacy of the patients whose health data they hold, while allowing large-scale data analysis that will undoubtedly continue to drive insights and generate breakthroughs in medicine. The UK HDRA has described the features of TREs based on the Five Safes model; we have explored each of these above and discussed how BC Platforms solutions are able to meet them.
As more organisations adopt these “Data Safe Havens”, the green paper rightly points out the importance of balancing data security, benefits to researchers through improved access, and transparency for public and patients. BC Platforms is excited about the role we can play in helping to facilitate this.