Good “Trustworthy Research Environments” Work; bad environments are like toxic waste seeping through the data ecosystem. There’s eternal pressure to turn good governance into weak governance so those who don’t qualify today can get data tomorrow.
Every project in every TRE should be listed in a public data uses register, and all of the data available to any project should be publicly listed. NHS England and OpenSAFELY both do this. NHS England has spent the last couple of years building a network of “Secure Data Environments”, partial lists are published of the different data they hold.
There is a tendency for institutions to believe that because they have done something, it must be good, and everything therefore will be fine. This lack of introspection is part of why NHS England is getting abolished; the same thinking applies to the Federated Data Platform.
(Table as at 25 March 2025 – updated table published at GoodTREsWork.com)
| Name | Consensual | Safe | Transparent (how many projects; notes) |
|---|---|---|---|
| National | |||
| NHSE (interactive) | ? variable (partial) | ✅ | ✅ (many; only some) |
| OpenSAFELY | ✅ Yes for GPDOO | ✅ | ✅ (many) (best) |
| MHRA CPRD | Yes (GPDOO & NDOO) | Not yet, but beginning | incomplete (many) |
| Regions | |||
| East of England | ✅ Yes (respects NDOO)(has no GP data) | unclear | ✅ (1) |
| Kent, Medway and Sussex | Unclear? (so no? has GP data) | unclear | ✅ (2) |
| London | ❌ Unstated (so no) | above average | Limited detail (tens) |
| North East and North Cumbria | ✅ Yes (respects NDOO) | unclear | ✅ (2) |
| Thames Valley and Surrey | ❌ No (ignores NDOO; has no GP data) | unclear (possibly no) | No (0) |
| West Midlands | ✅ Yes (respects NDOO; has no GP data) | unclear | ✅ (4) |
| Wessex | ✅ Yes (respects NDOO, has no GP data) | unclear | ✅ (1) |
| Yorkshire and Humber | ✅ Yes (respects NDOO, has no GP data) | unclear | ✅ (many) |
| (as of the 24 March 2025 none of the other regions are listed as operational). | |||
| NHSE’s Federated Data Platform | ❗No (mostly used for direct care – publicly at least, but it is not an informed choice by patients) | Potentially (entirely policy) | ❌ No (but possible) |
| Non-NHS Environments | |||
| ONS Secure Research Service | ❌ No (no for most data, no for most NHS data, but yes for GP Data) | yes | Yes |
| ONS Integrated Data Service | ❌ No (no for most data, no for most NHS data, but yes for GP Data) | Yes | Partial (gov/ONS projects not listed) (24) |
Notes:
- It is unclear how the regional environments make decisions, and how there is accountability between them. In practice they may degrade into a race to the bottom as they run out of funds (as London demonstrates)
- The London SDE has been running for longer than the others, has agreed with their commercial customers to limit what information they make public about projects, and is the only one to not disclose whether opt outs apply to data. It may also have run out of money and stalled after leadership left.
- It is curious that environments have chosen to make the datasets they hold on the “HDR gateway” but publish no information about projects or published papers through the same mechanism…
- Environments relying upon the HDR/DARE designed system would get an immediate “unlikely” on “safe” until an audit had confirmed their entire configuration after every upgrade.
- Regional environments that suggest they will mix direct care with secondary uses and GP data can not do both without significant infrastructure that the regional environments do not possess, so they are either using data on people who have objected, or are excluding people from direct care in breach of the terms of the opt out promised by the NHS.
A list of data sets and associated projects is the basics of transparency, something that seems beyond some of the environments; a stretch goal would be publication of the Patient/Public Involvement slide decks which describe things the project says it did – what did they tell their patient they would do for the support that they then rely on. There will be legitimate changes from discoveries of going through the process, but there are also examples of an environment doing PPI to listen, and citing it to justify doing something materially contradictory. The London regional SDE did some PPI implemented the opposite
Privately owned environments outside of FOI bodies
There are a number of private entities who offer environments for hire. Whether these are consensual, safe, or transparent is an assessment of their customers not the environment providers. Whether there are safe people, safe projects, safe outputs, safe data, or safe settings are entirely down to the customer, but different providers can fail to satisfy the “safe output” or “safe setting” requirements for all of their customers. Commercial environments can only be assessed within the scope of what their customers do, but their customers can not do things the environment doesn’t make possible.Similarly, a commercial environment can only have trustworthy and transparent decision making when subject to Freedom of Information Act laws.
“DNAnexus” powers the environments of Our Future Health and UK Biobank, and is not a “safe” environment – it can not satisfy the “safe output” or “safe setting” for any customer.
The last time we looked, the environment for Genomics England was “safe” and good.