Our Trusted Research Environment (TRE), also known as Data Safe Haven, is a secure digital workspace that allows approved researchers remote access to analyse sensitive health data. This safeguards patient privacy while paving the way for life-saving research and improved healthcare.
We understand the critical balance between fostering groundbreaking research and protecting the privacy of individuals. That is why our TRE prioritises patient confidentiality. We achieve this by alligning our operations with the Five Safes framework, developed by the Office for National Statistics (ONS) as guidance for those who provide access to sensitive data. This industry-standard approach ensures the appropriate level of data protection for all sensitive information entrusted to us.
The Five Safes Framework
The Five Safes framework outlines a comprehensive approach to data security. Our TRE incorporates all five principles to guarantee the integrity and confidentiality of sensitive health data.
Safe People
Researchers looking to access patient data via DaSH must have appropriate qualifications, be affiliated with a reputable institution, and provide evidence that they have completed the relevant Data Protection and Governance training.
Safe Projects
DaSH only ever supports projects which have a clear plan to safely and ethically interact with patient data, and produce outputs that are of public benefit. All projects must obtain the necessary approvals from the relevant data custodians before DaSH carries out any data extraction. See here for more information about the various permissions pathways.
Safe Settings
The architecture of DaSH has been designed to maintain a high standard of data security, providing a safe environment in which researchers can access their data. All identifiable information is held by NHS Grampian, and only pseudonymised data reaches our analysis platform. In our environment, there is no internet or printer connection, and researchers are unable to move data beyond the confines of their project workspace.
Safe Data
Data is only ever released to researchers once the necessary permissions and requirements are in place, which ensure that researchers are only able to access the minimum amount of data required for their research purposes. During the data extraction process, all identifiable information is removed or pseudonymised, minimising any potential risk to data confidentiality.
Safe Outputs
We require that all researchers ensure their outputs are publication ready, and meet statistical disclosure checking guidelines to ensure that no individuals can be identified. Our Research Coordinator team undertake scrutinous disclosure checks of each individual output before any are approved for release and publication.
Data Security and Governance
In addition to adhering to the Five Safes framework, our DaSH team members have completed comprehensive information governance training. This training equips them with the necessary knowledge and expertise to handle sensitive NHS Grampian datasets securely and responsibly. Furthermore, DaSH holds specific permissions for local access to a designated range of NHS Grampian datasets. These permissions enable us to interact with the data throughout the entire research lifecycle – from initial feasibility assessments to data archiving.
For projects requiring additional information governance oversight, DaSH can act as a liaison with the University of Aberdeen's Information Governance team to ensure compliance.
For further details on our project process, please refer to our dedicated page here.
During the planning phase of a research project, it can be useful for researchers to gauge whether or not there is adequate data to answer their research questions.
The DaSH team can use their local access to NHS Grampian platform databases to provide a summary regarding the volume of data, and what information is captured.
Where a researcher may require information about data that DaSH does not have local access to, we can contact the relevant data custodians to obtain a summary. Please note, that at this stage, no data is extracted or released.
Once the necessary permissions and funding are in place, projects progress to the linkage stage, during which the DaSH Analyst team begins to work on exctracting the required data.
Based on the cohort specification given in the protocol, a DaSH analyst will write code to extract the necessary variables across the permitted data sources, and link the information together using unique identifier's like Community Health Index (CHI) numbers.
Where data is required from sources that DaSH do not have local access to, the analyst will work alongside the relevant data custodians, to ensure the correct processing and secure transfer of data.
With the required data linked and extracted, all identifiable information is then pseudonymised in accordance with data protection regulations. Pseudonymised data refers to a dataset where direct identifiers, like names, are replaced with artificial ones (pseudonyms). This allows analysis and use of the data while reducing the risk of identifying specific individuals.
Prior to any data being released to researchers, the pseudonymised data is independantly checked by a second Analyst, before being signed off by a DaSH lead.
After researchers have finished their analysis and DaSH have released their outputs, the datasets used in each project are stored in a secure location for the duration specified in the data management plan, before deletion.
Digital research in action
Explore our case studies to see how working with the Digital Research team can benefit your research
