One year on: The latest on our Secure Data Environment

Liz Gaffney, Head of NHS England's Secure Data Environment, reflects on the developments of the service one year on.

In January, Michael Chapman blogged about our ambitious plans for the NHS England Secure Data Environment (SDE), starting with migrating customers to the service, testing its capabilities and processes, and then scaling up the service to handle wider use.

One year on from our SDE

We’ve made good progress. This is an update on where we are up to:

1. Establishing a network of SDEs

The NHS England Secure Data Environment isn’t the only NHS SDE. We’re part of a fast developing  NHS Research SDE Network. It is funded by the Data for Research and Development Programme and includes sub-national SDEs that, collectively, cover all of England. You can read more about them on the Health Data Gateway, which has been built in collaboration with HDR UK.

2. Moving toward access by default

Last year, the Department of Health and Social Care’s Data Saves Lives strategy established SDEs as the primary way that NHS data for secondary uses – in other words, for purposes other than the individual care of the patient – will be accessed in the future. That includes using data for research and planning purposes.

Further detail was published in the recent Data Access Policy update in October 2023. This confirmed a shift from ’data sharing‘ to ’data access‘ through SDEs and information on the scope of the policy and where data sharing is expected to continue in the longer term.

We will not turn off data extracts overnight and the transition will be phased. The next data access policy update is due to be published in early 2024 and will include more details on the transition to data access by default.

3. Delivering NHS England’s SDE

Over the past year, we successfully migrated our 6 existing customers to the new environment and onboarded 2 new customers.

The migrations have allowed the team to test capabilities and processes and to ensure our service meets all relevant standards before scaling up for wider use. In November, we met all Government Digital Service standards during a beta assessment. This means we can now confidently onboard new researchers with approved data sharing agreements.

We have 56 healthcare datasets applicable for the Secure Data Environment. Currently, 23 of these are live and being used by approved organisations within the environment. 23 more datasets have been prioritised to be added next.

Here are examples of current research in the NHS Secure Data Environment (more details can be found in the Data Uses Registers):

  • British Heart Foundation is running population-level analysis on the impact of COVID-19
  • DATA-CAN, the UK’s health data research hub for cancer, is running population-level analysis on the impact of COVID-19 on cancer patients
  • National Institute for Health and Care Excellence (NICE) is using the SDE to scope, develop and review guidance, assess impact of NICE products, improve access to the newest treatments and advice for patients
  • Department for Health and Social Care is using the SDE to better understand emerging challenges such as pressures on the system and to inform policy
  • Evidera is understanding the unmet need of vulnerable populations in the prevention and treatment of COVID-19 and to inform assessment and usage guidance for Evusheld – a medicine authorised for COVID-19 prevention

Feedback from organisations using the SDE has been overwhelmingly positive about our customer support and onboarding experience. This is a testament to the hard work of everyone involved in the migration.

But we’re not resting on our laurels. We’re working closely with users to continually improve the service.

4. Accelerating approved access

We know the faster we onboard approved researchers onto the SDE, the quicker ground breaking research can start. The team is working hard to speed up this process, learning from the quick onboarding of Evidera. It took just 1 month following the approval of Evidera’s data sharing agreement to define cohorts, confirm required data sets and input the data for their use.

We’ve identified areas for automation throughout the service and recently launched a new user induction tool to speed up user onboarding. In the past, we had to schedule specific time slots to train research teams, but now users can complete their training at their own pace. Users have access to guides and video tutorials, followed by a 10-minute comprehension assessment focussed on protecting data in the SDE. Once they’ve passed the assessment, researchers get login credentials and can begin their work. Users can return to the tool anytime for a refresher or to feedback on improvements to the process.

5. Linking data sets in the SDE

A key demand from researchers has been to be able to securely link data within our SDE.

We’ve taken a significant step towards this capability by allowing teams to bring ‘reference data’ into our environment. Reference data does not include individual patient-level data or personally identifiable data, but it does include data that can be used to classify, sort or better interpret data records. For example, a research team might want to import reference data to translate SNOMED CT codes into meaningful English (‘414292006’ might become ‘fracture of lower leg’).

Getting contextual data into the SDE is a simple process. Once we get the file, it’s checked by the SDE team to make sure it aligns with the data sharing agreement and that there is no personally identifiable information in the data. We also check whether it is compatible with the SDE requirements. If it passes all the checks, it is available to the user within the SDE.

We are working to expand the scope and capabilities of the platform to accommodate larger file sizes.

6. Reviewing our charges

We operate on a cost recovery basis. The charge to access NHS England’s SDE covers the cost of processing data and of delivering the environment itself. This ensures essential funding is not diverted from the front line.

Currently, there is one cost recovery model for all organisations, including a fixed charge for set-up followed by a monthly user cost. We are reviewing the fixed set-up charge because, as mentioned above, we can now automate some processes.

We’re looking at the 4 principles set out in the Value Sharing Agreement for NHS Data Partnerships in July. These are:

  1. The cost of access to data should not prevent good use of data.
  2. The NHS will always charge a fee for accessing health data.
  3. The cost of access should depend on how data is being used.
  4. The NHS should share in the value created by its data.

We believe these principles are relevant to our cost recovery model and expect to update our pricing in line with them.