TREs and data access

What are Trusted Research Environments (TREs)?

Trusted Research Environments, or TREs, are highly secure computing environments through which approved researchers can access de-identified data and work on approved projects of public benefit. Within Scotland, TREs are often referred to as data safe havens while in other nations, TREs are sometimes known as secure data environments.

TREs provide a single location for researchers to access datasets securely and perform their analysis using a range of software and tools. This enables secure, efficient, collaborative and cost-effective research. Data cannot be downloaded or extracted from TREs and must be analysed within the TRE’s secure environment. By making datasets available through a TRE, members of the public can be confident that their personal data will be accessed in a secure way that ensures their privacy is protected.

More information about TREs is available through HDR UK. Head over to our “research data security” page to read more about how data is safeguarded using the Five Safes Framework both within TREs and in wider research practices involving the use of public sector data. 

The Scottish National Safe Haven

The Scottish National Safe Haven (NSH) is a governed TRE for accredited researchers to work on approved projects of public benefit using sensitive data. The Scottish NSH offers a high-powered computing service, secure analytic environment, secure file transfer and a range of analytic software including SPSS, STATA, SAS, and R.

The Scottish NSH secure infrastructure is operated by the University of Edinburgh’s EPCC and the service is controlled by Public Health Scotland (PHS) with the oversight of Scotland's Public Benefit and Privacy Panel. The eDRIS team within PHS supports researchers with applying for permissions and access to secure public sector data within the Scottish NSH.

Most projects using population level Scottish data store their data in the NSH. For studies involving health data, researchers can access data securely through the NSH or any of the four accredited regional safe havens below. For studies not involving health data, it is expected that all users will be asked to use the Scottish NSH.

Find out more about using the Scottish National Safe Haven on the eDRIS website.

Regional safe havens

The agreed principles and standards to which the regional safe havens are required to operate are set out in the Charter for Safe Havens in Scotland (2015). There are four Scottish regional safe havens (TREs), which provide access to local health data:

• Grampian Data Safe Haven (DaSH) (Aberdeen) – A trusted research environment established by the University of Aberdeen and NHS Grampian to allow for the secure processing and linking of health, social care and other administrative data for the Grampian and Scottish population.
• Health Informatics Centre (HIC) (Dundee) – A TRE for the Scottish Government and the NHS Tayside, NHS Fife and NHS Forth Valley Health Boards delivering secure, research-managed access to data under robust governance control.   
• DataLoch (Edinburgh) – Developed in partnership by the University of Edinburgh and NHS Lothian, DataLoch supports health and social care priorities by bringing together health and social care data for the South-East Scotland region and provides safe access to data for researchers. 
• West of Scotland Safe Haven (Glasgow) – A collaboration between NHS Greater Glasgow & Clyde (NHSGGC) Research & Innovation and the Robertson Centre for Biostatistics, the West of Scotland Safe Haven provides a secure environment for hosting data projects and providing data linkage services to diverse NHS Scotland health data sources.

More information on the services offered through each regional safe haven (for example, data linkage) is available on the individual websites listed above. Other data centres across the UK provide their own TREs, for example the Office for National Statistics (ONS) Secure Research Service and the UK Data Service Secure Lab.   

Accessing TREs

To gain access to a TRE, researchers must have appropriate approvals in place for their projects and must be named in the data access application and/or data sharing agreement. Access to TREs will vary on a case-by-case basis depending on the types of datasets a researcher requests as well as the associated permissions. eDRIS will assist researchers with access to the appropriate TRE. 

Gaining approval

Approval for accessing TREs will depend on the data a researcher has requested. In Scotland, approvals are commonly sought via: 

• Health and Social Care PBPP 
• Statistics PBPP 
• Local Authority 
• Single Scottish Health Board 
• Data controller of UK audit dataset 

Approval is granted through either an approval letter or a Data Sharing Agreement clearly stating that the data controller is willing to share the data with the researcher. 

Remote access

Subject to gaining the necessary approvals, there are various options for researchers to gain secure access to datasets remotely through digital safe settings – controlled online portals with enhanced security measures to prevent unauthorised use. In some cases, researchers will be granted remote access to a TRE using a virtual private network (VPN), with additional security measures including a two-factor authentication process to confirm the researcher’s identity before they can access data.

Remote access methods and requirements will vary between TREs and will depend on the nature of the research project and the data required. For more details on remote access, please contact the eDRIS support team or relevant TRE. 

Physical access

Subject to gaining the necessary approvals, there are several options for researchers to gain physical access to TREs through safe settings – secure facilities that prevent unauthorised use. Physical access will depend on the types of provisions available and how services are set up within a specific TRE.  

A data controller may require that their data is only accessed through a secure access point to ensure data security. A secure access point is a dedicated computer in a physically secure area where no external devices can be used or connected. The secure access point does not connect to the internet, nor can it be accessed remotely.  

Please note, secure access points for the Scottish NSH have been closed since the onset of the Covid-19 pandemic. Some data controllers have permitted remote data access subject to meeting additional criteria and new data access agreements. eDRIS plans to reopen the secure access points at Edinburgh Bioquarter in tandem with the Scottish NSH joining the SafePod Network (see below).  

SafePod Network

Several institutions across the UK provide researchers with secure data access via the SafePod Network, which deploys standardised SafePods, a type of safe setting. While eDRIS is in the process of registering the Scottish NSH with the SafePod Network to increase the number of data access points, you can view which institutions currently provide SafePod access through the SafePod Network website. 

Support for researchers

TREs are operated by trained staff who provide researchers with a range of technical support. The support on offer will vary between TREs and may include: 

• Login help and password resets 
• Analytical support  
• TRE performance issues 
• Data storage issues 
• Providing advanced notice of planned maintenance 
• Overseeing researcher visits to the safe settings rooms  
• Other day-to-day support and guidance 

The eDRIS team within PHS supports researchers applying to access secure Scottish datasets. eDRIS Research Coordinators will guide researchers on using the appropriate TRE for the data they require.  

Data access charges

PHS operates a cost recovery model for the eDRIS team to deliver its services. For more information about access charges, please see eDRIS’s costs of service information.