NHS DigiTrials: Clinical Trials

NHS DigiTrials provides safe, authorised access to patient data to help trials reach and benefit as many people as possible. It is made up of 4 services that support clinical trials.

Feasibility: Finds suitable participants Speeds up planning by seeing if there are enough potential people available in England for a clinical trial without identifying individuals.

Recruitment: Recruits the right participants Uses patient information to identify people who might be suitable for a certain trial - and contacts them to see if they would like to take part.

Communications: Keeps participants informed Keeps trial volunteers, who have consented to receive this information, updated about the progress and results of their trial.

Outcomes: Shows long-term impact Provides routinely collected patient information to show the long-term impact of treatments and demonstrate that they are safe and effective.

We use a cost recovery model to calculate the charge to assess all NHS DigiTrials services.

SAFE People - Login & Access ✓ Applicant Organisations accredited via Data Security and Protection Toolkit (DSPT) ✓ Data Access by Applicant Organisation restricted by Data Sharing Agreement (DSA) ✓ Applicant Organisation responsible for accrediting end users operating under a DSA ✓ End User Access Agreement defines acceptable/expected behaviours ✓ Login: Browser based login using 2FA ✓ Worldwide Data Sharing: There are potential restrictions on sharing outside of the current GDPR Adequacy Agreement. Please contact the NHS DigiTrials team with any specific queries.

SAFE Settings - Compute & Services ✓ Data hosted securely on NHSE-managed Amazon Web Services (AWS) accounts

SAFE Settings - Security Certifications and Measures ✓ Automated scanning & benchmarking against Centre for Internet Security guidelines ✓ Static code analysis integrated into build pipelines ✓ Infrastructure monitored 24/7 by NHSE Cyber Security Operations Centre (CSOC) ✓ Dedicated cyber security allocated to support delivery team ✓ Penetration Testing conducted after every significant architectural change ✓ Independent Threat Modelling exercise conducted ✓ Developers with access to production environment are subject to security vetting

SAFE Settings - Software access ✓ Direct access to provisioned data only possible via Databricks platform. ✓ All queries executed via Databricks recorded & auditable ✓ Code packages/libraries made available in the environment are subject to review / approval process

SAFE Data - Data Access Mechanisms ✓ Data minimised and provisioned in accordance with the approved Data Sharing Agreement (DSA) ✓ Data only accessible from DSA-specific analysis environment; data cannot be transferred between analysis environments ✓ Identifiable fields pseudonymised in accordance with the DSA. ✓ Unique pseudo key used for each DSA (a given value will be represented differently in each agreement) ✓ Fields containing sensitive data removed from data asset prior to data provisioning process

SAFE Outputs - Data Output/export ✓ Transfer data securely using Secure Electronic File Transfer (SEFT). More information can be found on Secure Electronic File Transfer (SEFT) user's quick help guide - NHS Digital ✓ Statistical disclosure control process in place