Common governance model: a way to avoid data segregation between existing trusted research environment

Abstract

BackgroundTrusted Research Environments provide a legitimate basis for data access along with a set of technologies to support implementation of the "five-safes" framework for privacy protection. Lack of standard approaches in achieving compliance with the "five-safes" framework results in a diversity of approaches across different TREs. Data access and analysis across multiple TREs has a range of benefits including improved precision of analysis due to larger sample sizes and broader availability of out-of-sample records, particularly in the study of rare conditions. Knowledge of governance approaches used across UK-TREs is limited. ObjectiveTo document key governance features in major UK-TRE contributing to UK wide analysis and to identify elements that would directly facilitate multi TRE collaborations and federated analysis in future. MethodWe summarised three main characteristics across 15 major UK-based TREs: 1) data access environment; 2) data access requests and disclosure control procedures; and 3) governance models. We undertook case studies of collaborative analyses conducted in more than one TRE. We identified an array of TREs operating on an equivalent level of governance. We further identify commonly governed TREs with architectural considerations for achieving an equivalent level of information security management system standards to facilitate multi TRE functionality and federated analytics. ResultsAll 15 UK-TREs allow pooling and analysis of aggregated research outputs only when they have passed human-operated disclosure control checks. Data access requests procedures are unique to each TRE. We also observed a variability in disclosure control procedures across various TREs with no or minimal researcher guidance on best practices for file out request procedures. In 2023, six TREs (40.0%) held ISO 20071 accreditation, while 9 TREs (56.2%) participated in four-nation analyses. ConclusionSecure analysis of individual-level data from multiple TREs is possible through existing technical solutions but requires development of a well-established governance framework meeting all stakeholder requirements and addressing public and patient concerns. Formation of a standard model could act as the catalyst for evolution of current TREs governance models to a multi TRE ecosystem within the UK and beyond.