Balancing security and research access to North West London’s health data

Building on our earlier discussion about iCARE and Whole Systems Integrated Care (WSIC), the Secure Data Environment (SDE) that holds health data for 2.8 million people in North West London and beyond, a crucial aspect of the programme’s evolution has been managing the intersection of researcher demand, security, and access control. The initial partnership between academics and the NHS opened the doors to real-world data that researchers had never accessed before. As expected, this ignited an exponential appetite for more – more data, more access, and more tools to support cutting-edge digital health research, including artificial intelligence (AI). However, this also meant a shift in how data was handled, creating a necessary behavioural and cultural shift among researchers and data analysts alike.

Researchers had to adapt to a new, controlled way of working within a secure platform. This led to the development of a second phase of the SDE, one that better considered the diverse needs of users, whether they were NHS data analysts or academic researchers. Each group came with its own requirements, expectations, and familiarity with different tools. The challenge, then, was to standardise an environment that remained secure while still allowing for meaningful research and analysis. In partnership with Discover-Now Health Data Research UK (HDR UK) Hub for Real-World Evidence, we ensured that the approaches used were in the public interest through large scale public deliberation. 

Expandable compute and core set of analytical tools (Python, R, SQL, STATA, Snowflake, tableau/Qlik) provided a foundational toolkit for researchers and analysts to access data and apply advanced analytics, while ensuring security and maintainability. To support R and Python use, Nexus enabled additional packages and libraries to be downloaded in a controlled manner, only after passing security checks, ensuring that analytics remained dynamic and adaptable, but never at the expense of security. A structured process was introduced for evaluating new tools and implementing them in a controlled, systematic way, considering factors such as licensing costs, security risks, and maintenance overhead.

This shift was not without its challenges. Initially, the technical environment was locked down to an extreme degree – everything was shut down first, and then services were selectively deployed in a controlled, phased manner ensuring alignment with the Five Safes (Trusted Research Environments - HDR UK), determining which functions were truly necessary and how they could be enabled securely. By aligning this process with the existing NHS security infrastructure and the information and communications technology (ICT) teams managing security for the environment, we ensured that our platform met the highest standards for handling identifiable and de-identified clinical data.

Beyond technology, a critical component of this process was governance. Access to de-identified data in the iCARE SDE for WSIC and Imperial datasets was not automatic – researchers had to apply through a Health Research Authority (HRA) compliant process, reviewed by data access committees. These committees, composed of data protection officers, IT professionals, clinicians, academics and community partners representing the public interest, ensured that research proposals were both for patient benefit and aligned with ethical standards. Importantly, access was time-limited, requiring researchers to justify any extensions, ensuring continual oversight and accountability.

In addition to governance, transparency was paramount. Maintaining a data use register allowed for clear documentation of approved projects, reinforcing trust and accountability. This not only satisfied compliance requirements but also reassured the public that research was being conducted responsibly.

A crucial factor in implementing and maintaining this environment has been our close collaboration with technology partners, particularly Accenture and Snowflake. Their security-focused approach aligned with our stringent requirements, ensuring that security wasn’t just an add-on but a foundational principle. Their willingness to take the time to test and validate security controls before sign-off reinforced the robustness of the environment.

This methodical, controlled approach to data access, security, and researcher enablement has created a model that balances the drive for research with the necessity of maintaining a secure and compliant environment. The lessons learned here will continue to shape future developments, ensuring that while researcher access grows, it does so in a way that remains safe, transparent, and sustainable.