What is a Trusted Research Environment?
A guide to Trusted Research Environments
A secure environment for working with sensitive health data
Often researchers have data they want to collaborate on with others, or data owners have data they want to share with others – and both need to be certain that their data is safe, secure, and activity is fully audited. A Trusted Research Environment (TRE) is where that collaboration can take place, a secure environment that provides the means for users to find, request, access and analyse health data for research purposes.
Trusted Research Environments provide a secure area for both data and tooling with fully audited data access controls and allowing approved researchers to bring multiple datasets of different modalities into a single collaborative space with the tools and the people they need to perform their research.
Unlocking the world’s health data for research
The sensitivity of health data necessitates understandably strict access control, but this in turn limits the use of this potentially invaluable research resource. Much of the world’s useful health data still remains stored securely out of the reach of researchers, limiting the datasets they have to work with.
A Trusted Research Environment provides peace of mind to data owners and patients, ensuring them that their sensitive data is used responsibly and in a safe environment and providing a mechanism for opening up the world’s health data for critical research projects.
Key features of a Trusted Research Environment
As the need for a secure environment for handling and analysing data for health research continues to be realised, Trusted Research Environments have been developed as the best solution to some of the challenges faced by research teams. In order to fulfil these requirements a TRE requires the following key features.
Trusted Data Sharing
Metadata Catalogue
Data owners need to share information on the data they have available. Data needs to be findable and described in a consistent format and in accordance with data standards. A TRE needs a searchable metadata catalogue, capable of scaling to hundreds of disparate datasets of different modalities.
Prior to requesting data, a researcher needs to know if the data meets the requirements of their study. Full data dictionary metadata must be available, but also the ability to understand the shape of that data, using cohort browsing tools.
The Aridhia DRE provides FAIR Data Services, an enterprise scale metadata catalogue, with full RBAC user visibility control, secure ingest APIs and cohort building capabilities.
Automated Data Access Requests
Users of a TRE need a consistent way to request access to data and view the status of those requests. Data owners must, where required, be involved in the approval process – and that process must support multiple parties, often geographically dispersed. An orchestrated Data Access Request system will present programmatic request forms to users, automate the approval process, provide consistent feedback to all parties and ensure end-to-end governance.
Secure Data Access
A TRE must provide owners and researchers the ability to work with complex multi-modal data, such as genomic data, pharma data, medical imaging and structured clinical data. Access to that data must be supported in various ways, either by transfer, secure access to repositories or read-only database access. An enterprise scale TRE provides access to all modalities of data, regardless of mechanism, to the same secure compute environment.
A Federated Data Platform
The realities of data sharing across geographical boundaries necessitate the need for the use of federated data platforms. A TRE needs to provide the facility for data owners for controlled federated access to their data, and for researchers, an easy to use and programmatic way of accessing and working with that federated data.
Collaborative Research
Inbound and outbound data control
A critical data security component of any Trusted Research Environment is the use of a data airlock system, which ensures that sensitive data cannot enter or leave your TRE without administrator approval.
The movement and integrity of approved data is managed via a range of role-based access controls, secure file uploads and data pipelines with automatic virus scanning. Administrators have the ability to add, edit and remove user roles, and approve or deny any export requests from the TRE.
Out-of-the-box tooling
A Trusted Research Environment is a platform designed to provide researchers with a means to collaborate on data analysis securely across their project team. As such, a key component of any TRE is the out-of-the-box-tooling with which users can complete their desired analytical tasks. A Trusted Research Environment is a platform designed to provide researchers with a means to collaborate on data analysis securely across their project team. As such, a key component of any TRE is the out-of-the-box tooling with which users can complete their desired analytical tasks.
Some of the tools available in the Aridhia DRE include data table analytics, with a curated collection of biomedical R modules, R, Python and SQL tooling, such as RStudio and Jupyter Notebook and real-time collaborative Office tools, supporting Excel, Word and Powerpoint. All of these are supported by Git for version management.
Flexible compute capability
Besides out-of-the-box tooling, a Trusted Research Environment must provide the computational resources required to run a range of dedicated complex modelling and analytical pipelines. As such, the TRE must support multi-user access to virtual machine compute capabilities and scalable storage to support high volume multi-modal data analysis.
Fully traceable audit
A TRE must audit user activity, to ensure use of data is aligned with agreed terms and conditions. The audit provides a clear trail of data use, including:
- Dataset creation and upload
- User data request and approval/rejection
- Time of access or transfer to a compute environment
- Acceptance of data use conditions
- Data edit or file creation
- Airlock requests
The entire data journey must be visible via a secure audit mechanism available to platform administrators.
Security and reliability
Security is an integral part of all Trusted Research Environments and as such, a TRE and any supporting services must demonstrate that they conform to strict security standards, such as ISO27001 and ISO27701. To provide the peace of mind to data owners and users that their data is safe and secure, audits against these standards must take place frequently and certificates readily available.
The Ardihia DRE is fully compliant with ISO27001, ISO27701, HITRUST standards, making it a globally certified and truly trusted research environment. You can learn more about the security policies of the Aridhia DRE here.
A fully featured Trusted Research Environment
The Aridhia DRE is the culmination of 10 years of development to create a feature set that is having a real-world impact on health research projects.
The SATRE Specification
HDR UK are developing a specification of what is expected of a Trusted Research Environment. These can be found in the SATRE (Standard Architecture for a TRE) definition. Read on to find out what the key features of a Trusted Research Environment include.
Standard Architecture for Trusted Research Environments (SATRE)
The SATRE standard for Trusted Research Environments seeks to, as the name suggests, standardise the architecture of the many available TREs and provide an open specification to benchmark Trusted Research Environments against.
SATRE isn’t just a standard developed to cover the technical implementation of a TRE: it also seeks to standardise the supporting services required to operate a TRE successfully and securely.
Broken down into four key sections, the SATRE specifications outlines the features that should be implemented in the categories of:
- Information Governance
- Computing Technology and Information Security
- Data Management
- Supporting Capabilities
You can learn more about how we benchmarked our own Trusted Research Environment, the Aridhia DRE in the following section.
The Aridhia DRE is a SATRE compliant TRE
The Aridhia DRE has been evaluated against the SATRE specification and meets the specification of a fully SATRE compliant Trusted Research Environment. You can find out more about how we evaluated the Aridhia DRE against the SATRE specification in the following resources:
Assessing the Aridhia DRE against the SATRE specification
This paper scores the Aridhia DRE against the four sections of the SATRE specification, and summarises some of the features that we believe contribute toward that score.
SATRE: Standardised Architecture for Trusted Research Environments – Introduction
An introduction to our blog series testing the Aridhia DRE against the SATRE specification.
SATRE: Standardised Architecture for Trusted Research Environments – Information Governance
This article outlines our testing of the Aridhia DRE against the Information Governance section of the SATRE specification.
SATRE: Standardised Architecture for Trusted Research Environments – Computing Technology
We assess the Aridhia DRE against the Computing technology category of the SATRE specification to see how it stacks up.
SATRE: Standardised Architecture for Trusted Research Environments – Data Management
This article details how we assessed our Aridhia DRE against the Data Management category of the SATRE specification for Trusted Research Environments.
SATRE: Standardised Architecture for Trusted Research Environments – Supporting Capabilities
We conclude our assessment of the DRE by benchmarking it against the Supporting Capabilities category of the SATRE specification.
SATRE: How the Aridhia DRE Goes Beyond the Specification
Our recent blog series welcomed the emergence of the SATRE specification for Trusted Research Environments (TREs) and scored the Aridhia DRE against the specification.
SATRE specification documentation
The full SATRE specification and further details for the SATRE project can be found on the official specification website.
The Five Safes Framework
The security requirements of a Trusted Research Environment has led to the development common security frameworks and standards for TREs. The Five Safes Framework has been adopted in the development of TREs to ensure security.
Safe People
Researchers looking to access data are subject to an application process, which can only be approved by the data provider. Requirements for access are proven and user agreements are signed in order to ensure data confidentiality is always protected.
Safe Projects
Projects are outlined in the approval process, ensuring data providers are fully informed prior to access. Data providers can then decide whether or not they’re comfortable with how sensitive data will be used and outputs achieved from an ethical standpoint.
Safe Settings
Settings ensure that the data is only accessed by approved people for approved purposes. These control all digital and physical access to data, and must be proven to meet the security standards. Data can only be used within the safe setting.
Safe Outputs
Checks are made prior to publishing that any aggregated data meets confidentiality standards set out by the data providers. Only then can anything be output from the Trusted Research Environment, which ensures that all data is still suitably de-identified.
Safe Data
Data is only available when it’s required for an approved project. This ensures that researchers are unable to access sensitive data which is unnecessary for their research, and is achieved through a form of de-identification known as pseudonymisation.
Incorporating the Five Safes into the Aridhia DRE
Learn how the Aridhia DRE has been developed with The Five Safes framework in mind to ensure security for users and the data they need to access.
The Aridhia DRE
Designed to be used at enterprise scale by research hospitals, collaborative data networks and pharma– our Trusted Research Environment, the Aridhia DRE, is designed to improve to advance scientific research and improve patient outcomes.
A next-generation TRE
The Aridhia Digital Research Environment has been developed over 10 years to address the security needs of data owners whilst providing for the analysis needs of the data scientists, clinicians and researchers who make use of the data.
The Aridhia DRE is a truly enterprise scale TRE, providing not only the fully audited and airlocked TRE Workspaces with out of the box tooling, but also a full metadata catalogue developed in adherence to FAIR data principles, with data management, governance and access control capabilities
Who we areAn Azure Trusted Research Environment
The Aridhia DRE is a Azure hosted Trusted Research Environment (TRE) delivered either as SaaS or as a fully managed enterprise-scale solution in a dedicated Azure subscription, providing a metadata catalogue with a standards-aligned structured dataset definition format, complete audit of user activity, governance of data access approval, and secure collaborative Trusted Research Environment Workspaces.
Being an Azure based platform, the Aridhia DRE has the full spectrum of Azure cloud tooling and cloud services available to it, such as Azure Data Factory, Azure PostgreSQL, Azure SQL Server, Synapse, AzureML, OpenAI, Azure Kubernetes Service (AKS) and Azure Blob Storage for unstructured data and also providing the facility to access on demand compute via the full roster of available Azure Virtual Machine (VM) compute instances.
Microsoft AzureA future-proof TRE
The Aridhia DRE is constantly evolving to meet the increasing demands of the health research industry, from exploring the huge potential of running offline LLMs inside a Trusted Research Environment to the benefits of being a part of the Aridhia Network – our community of users and partners working together towards the common goal of finding new treatments and improving patient outcomes.
To learn more about how Aridhia is shaping the future of Trusted Research Environments, check out our blog.
Read our blogOur Platform
The Aridhia Digital Research Environment (DRE) is the Trusted Research Environment built for collaborative research projects at enterprise scale.