JMIR Publications

ABSTRACT

Background:

A Trusted Research Environment (also known as a Safe Haven) is an environment supported by trained staff and agreed processes (principles and standards) providing access to data for research whilst protecting patient confidentially. Accessing sensitive data without compromising the privacy and security of the data is a complex process.

Objective:

This paper presents the security measures, administrative procedures and technical approaches adopted by TREs.

Methods:

We contacted TRE operators, 20 of whom, in the UK and internationally, agreed to be interviewed remotely under a non-disclosure agreement and to complete a questionnaire about their TRE.

Results:

We observed many similar processes and standards which TREs follow to adhere to the Seven Safes principles. The security processes and TRE capabilities for supporting observational studies using classical statistical methods were mature and the requirements well understood. However, we identified limitations in the security measures and capabilities of TREs to support “next-generation” requirements such as wider ranges of data types, the ability to develop artificial intelligence algorithms and software within the environment, the handling of big data, and timely import and export of data.

Conclusions:

We found a lack of software/automation tools to support the community and limited knowledge of how to meet next-generation requirements from the research community. Disclosure control for exporting artificial intelligence (AI) algorithms and software was found to be particularly challenging where there is a clear need for additional controls to support this capability within TREs.