NHS England Secure Data Environment: Part of the NHS Research SDE Network
Description
The NHS England Secure Data Environment (SDE) is a secure data and research analysis platform. It gives approved researchers with approved projects secure access to NHS healthcare data for healthcare analysis. All patient information in the SDE is pseudonymised. It is part of the NHS Research SDE Network across England.
To access the NHS England Secure Data Environment a valid Data Sharing Agreement is required. Start the process using our Data Access Request Service here: https://digital.nhs.uk/services/data-access-request-service-dars/process
Cost to access: Yes. We use a cost recovery model to calculate the charge to access the NHS England SDE, which can be viewed here: https://digital.nhs.uk/services/secure-data-environment-service
SAFE People - Login & Access
✓ Applicant Organisations accredited via the Data Security and Protection Toolkit (DSPT)
✓ Data Access by Applicant Organisation restricted by Data Sharing Agreement (DSA)
✓ Applicant Organisation responsible for accrediting end users operating under a DSA
✓ End User Access Agreement defines acceptable/expected behaviours
✓ Login: Browser based login using 2FA
✓ International Access: At a technology level, yes. There are data sharing agreement restrictions on the use of (some) data
SAFE Settings - Compute & Services
✓ Data hosted securely on NHSE-managed Amazon Web Services (AWS) accounts
✓ Dedicated analysis environment provisioned specifically for each Data Sharing Agreement (DSA)
✓ Users operating in one analysis environment have no access to other environments or the public internet
SAFE Settings - Security Certifications and Measures
✓ Automated scanning & benchmarking against Centre for Internet Security guidelines
✓ Static code analysis integrated into build pipelines
✓ Infrastructure monitored 24/7 by NHSE Cyber Security Operations Centre (CSOC)
✓ Dedicated cyber security support allocated to the delivery team
✓ Penetration Testing conducted after every significant architectural change
✓ Independent Threat Modelling exercise conducted
✓ Developers with access to production environment are subject to security vetting
SAFE Settings - Software access
✓ Direct access to provisioned data only possible via Databricks platform.
✓ All queries executed via Databricks recorded & auditable in Immuta (access control & auditing component/product)
✓ Code packages/libraries made available in the environment are subject to review / approval process
SAFE Data - Data Access Mechanisms
✓ Data minimised and provisioned in accordance with the approved Data Sharing Agreement (DSA)
✓ Data only accessible from DSA-specific analysis environment; data cannot be transferred between analysis environments
✓ Identifiable fields pseudonymised in accordance with the DSA.
✓ Unique pseudo key used for each DSA (a given value will be represented differently in each agreement)
✓ Fields containing sensitive data removed from data asset prior to data provisioning process
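The per-DSA pseudo key and the removal of sensitive fields described above can be illustrated with a keyed pseudonymisation step. This is an added example, not NHS England's own provisioning code: the master secret, the DSA identifiers, the field names and the sample records are all constructed for the illustration, and the choice of HMAC-SHA256 as both the per-agreement key derivation and the pseudonym function is an assumption about one reasonable design, not a statement of what the SDE implements.

```python
import hashlib
import hmac
from typing import Dict, Iterable, List

# Constructed master secret for this example only; a real deployment would keep
# it in a KMS/HSM and never alongside the data. Plain (unkeyed) hashing of an
# identifier such as an NHS number would be reversible by enumeration, which is
# why a secret key is required.
MASTER_SECRET = b"example-master-secret-do-not-use"

# Assumed field classification for the illustration.
ID_FIELDS = ("nhs_number",)              # identifiers to pseudonymise
SENSITIVE_FIELDS = ("free_text_notes",)  # removed before provisioning


def derive_dsa_key(master_secret: bytes, dsa_id: str) -> bytes:
    """Derive a distinct key for each Data Sharing Agreement.

    HMAC-SHA256 over a labelled DSA identifier acts as a simple KDF, so every
    agreement gets its own key without storing one secret per agreement.
    """
    label = b"dsa-pseudonym-key|" + dsa_id.encode("utf-8")
    return hmac.new(master_secret, label, hashlib.sha256).digest()


def pseudonymise_value(value: str, dsa_key: bytes) -> str:
    """Deterministic keyed pseudonym: stable within one DSA (records for the
    same patient still join), different across DSAs (no cross-agreement linkage)."""
    return hmac.new(dsa_key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def provision(records: Iterable[Dict[str, str]], dsa_id: str,
              master_secret: bytes = MASTER_SECRET) -> List[Dict[str, str]]:
    """Build the data asset for one DSA: drop sensitive fields, replace
    identifiers with DSA-specific pseudonyms, pass other fields through."""
    key = derive_dsa_key(master_secret, dsa_id)
    provisioned = []
    for record in records:
        clean: Dict[str, str] = {}
        for field, value in record.items():
            if field in SENSITIVE_FIELDS:
                continue  # never leaves the source system
            if field in ID_FIELDS:
                clean[field + "_pseudo"] = pseudonymise_value(value, key)
            else:
                clean[field] = value
        provisioned.append(clean)
    return provisioned


# Constructed sample records (fake identifiers, not real NHS numbers).
SAMPLE_RECORDS = [
    {"nhs_number": "0000000001", "age_band": "40-49", "free_text_notes": "clinician note"},
    {"nhs_number": "0000000001", "age_band": "40-49", "free_text_notes": "second episode"},
    {"nhs_number": "0000000002", "age_band": "60-69", "free_text_notes": "clinician note"},
]

if __name__ == "__main__":
    for dsa in ("DSA-0001", "DSA-0002"):
        print(dsa, provision(SAMPLE_RECORDS, dsa))
```

Running the block shows the same source identifier producing one pseudonym under DSA-0001 and a different one under DSA-0002, while the two records for the same patient within a single DSA still share a pseudonym; the free-text field never appears in either output.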
SAFE Outputs - Data Output/export
✓ SDE service allows research (with small number suppression) results to be safely exported. This is via an escrow function manned by NHS England employees who examine the artefacts prior to release to the user – based upon an approved, principles-based disclosure control output policy. Patient / row level data cannot be exported.
✓ Export plans: NHSE are currently exploring a range of safe data output types and welcome the opportunity of bringing NCS projects into this exploration. We anticipate being able to allow users' code to be exported in the future.
✓ Data transfer to other SAFE Settings: We do not provide this service at present. However, ad-hoc requests can be considered via a Service Request
✓ Statistical disclosure control process in place
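The small number suppression mentioned under SAFE Outputs is one of the checks an output escrow function applies before an aggregate table is released. The following is an added example of such a check, not NHS England's disclosure control code: the threshold of 5, the secondary-suppression rule and the sample table are constructed assumptions, since the page states no threshold or rule set.

```python
from typing import Dict, List, Optional

# Assumed threshold for the illustration: cells with counts 1..4 are suppressed.
# Zero counts are treated as releasable, a common but not universal convention.
THRESHOLD = 5

Cell = Optional[int]  # None marks a suppressed cell


def primary_suppress(counts: List[int], threshold: int = THRESHOLD) -> List[Cell]:
    """Suppress every small non-zero count in a row of aggregate counts."""
    return [c if (c == 0 or c >= threshold) else None for c in counts]


def secondary_suppress(row: List[Cell]) -> List[Cell]:
    """If exactly one cell in a row is suppressed and the row total is published,
    the suppressed value could be recovered by subtraction. Suppress the smallest
    remaining non-zero cell as well so the total no longer reveals it."""
    suppressed = [i for i, c in enumerate(row) if c is None]
    if len(suppressed) == 1:
        candidates = [(c, i) for i, c in enumerate(row) if c is not None and c > 0]
        if candidates:
            _, idx = min(candidates)
            row[idx] = None
    return row


def release_table(table: Dict[str, List[int]],
                  threshold: int = THRESHOLD) -> Dict[str, Dict[str, object]]:
    """Apply primary and secondary suppression to each row and attach the
    unsuppressed row total, as a release-ready view of an aggregate table."""
    released = {}
    for name, counts in table.items():
        cells = secondary_suppress(primary_suppress(counts, threshold))
        released[name] = {"cells": cells, "total": sum(counts)}
    return released


def is_safe(released: Dict[str, Dict[str, object]]) -> bool:
    """Escrow check: no row may have exactly one suppressed cell alongside its total."""
    return all(sum(c is None for c in row["cells"]) != 1 for row in released.values())


# Constructed sample: counts per region across three outcome categories.
SAMPLE_TABLE = {
    "Region A": [12, 3, 40],
    "Region B": [8, 9, 0],
    "Region C": [2, 3, 50],
}

if __name__ == "__main__":
    out = release_table(SAMPLE_TABLE)
    for region, row in out.items():
        print(region, row)
    print("safe to release:", is_safe(out))
```

In the sample, Region A has a single small cell; primary suppression alone would leave it recoverable from the row total, so the secondary pass also suppresses the next smallest cell. Region C has two small cells and needs no secondary suppression, and Region B is released unchanged.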