Considerations in establishing Trusted Research Environments (TREs) in the Nordics
Author: Hadley E. Sheppard, PhD
Trusted Research Environments (TREs), also known as “Data Safe Havens” or “Secure Data Environments”, are highly secure and controlled computing environments that allow approved researchers from authorised organisations a safe way to access, store, and analyse sensitive data remotely. TREs provide access to data while keeping it safe, secure and accessible, while also promoting collaboration and driving innovation.
TREs are being widely adopted across the world by organisations such as biobanks, governments and health providers, to provide both data accessibility and security. In the UK, for example, the government’s public sector research endeavour, Genomics England, has benefited from the adoption of TREs during the COVID-19 pandemic, where approved researchers could securely access the clinical and genomic data of over 135,000 patients in a secure, cloud-based TRE.
This article focuses on use cases of TREs and potential opportunities for TREs within the biobanking, research and health sectors of countries in the Nordic region as a means to achieve both data accessibility and security. It also highlights the guidance and regulation in establishing these critical data access and compute spaces.
There is an increasing need for secure data sharing within the Nordic region
The Nordic region, composed primarily of Denmark, Estonia, Finland, Iceland, Norway and Sweden, have all made significant contributions to population sequencing and genomics research. Having shared ancestry and highly homogenous populations makes it easier to study disease-associated genetic variants and rare genetic conditions in these populations. Due to this, there has been a high appetite for large-scale population sequencing to inform on personalised medicine in the Nordic countries. Most importantly, there are national strategies, funding initiatives and collaboration initiatives to foster sharing of this data within the Nordics.
An example of the Nordic region’s aim to position itself as a leader in research cooperation and infrastructure was the creation of NordForsk, by the Nordic Council of Ministers in 2005. One of the outcomes from NordForsk was investing NOK 165 million (about USD 15 million) into research efforts in personalised medicine. This effort was in collaboration with national funding agencies from Sweden, Iceland, Denmark, Finland and Norway. Awarded projects from this investment include using personalised medicine in a range of diseases, such as prostate cancer, sleep apnea, inflammatory bowel disease, ischemic heart disease, severe infectious diseases, rheumatoid arthritis, and also generation of new health economic evidence to address important health care decisions.
Being at the forefront of precision medicine is a shared goal of the Nordic countries, and has resulted in the formation of the Nordic Precision Medicine Initiative (NPMI) and development of a roadmap for the precision medicine initiative in this region. These initiatives and strategies have fostered collaboration and data sharing between governments, universities, research organisations and the private sectors. However, sharing of this data poses challenges and considerations, such as having the infrastructure to securely store and share information safely. The combination of wanting to foster collaboration and sharing of data, while keeping data safe and secure, has resulted in the adoption of Trusted Research Environments (TREs) across the Nordics.
Examples of use of TREs/Data Safe Havens with the Nordics
With the increase in genomic research and data, some Nordic countries have already adopted Trusted Research Environments and similar models to be able to securely store the data, while promoting research collaboration. Listed below are some examples:
- Danish National Genome Center (DNGC)
The Danish National Genome Center (DNGC), a government agency and authority established in 2019, was created to implement the Danish Government’s National Personalised Medicine Strategy. The DNGC is deploying a fully on-premise TRE and Data Analysis Platform for managing whole genome and clinical data, within the Center’s national supercomputing cluster. This TRE will ensure a scalable and secure data management and analysis platform for Denmark’s national researchers, clinical scientists and international collaborators. During the first phase of the strategy, the Danish National Genome Center and its collaborators will recruit and sequence whole genomes of 60,000 patients diagnosed with cancer, autoimmune disorders and rare diseases by 2024.
The FinnGen project is a large public-private partnership in Finland launched in 2017, with the aim to collect 500,000 biological samples from participants, which equates to about 10% of the Finnish population. This is not a TRE model, but it is similar in that it is a data environment, where Finnish universities, hospitals and hospital districts, biobanks, international pharmaceutical companies and Finnish citizens can collaborate and progress precision medicine.
- Genomic Medicine Sweden (GMS)
Genomic Medicine Swedenwas founded in 2018 and receives funding from the Swedish Innovation Agency, Vinnova, and regional university hospitals and medical faculties, which established a national genomics infrastructure comprising seven regional centres and aims to to have sequenced 65,000 samples by 2025. GMS collaborates with the 11National Genomics Initiative (NGI) platform, which provides access to next generation DNA sequencing, genotyping and associated bioinformatics support.
Future-looking Nordic initiatives that will recure secure data sharing
The Nordic countries have well-established healthcare systems, biobanks, universities and support from private companies to drive population-level studies. Listed below are national strategies and funding initiatives to further promote personalised medicine in the Nordic regions, resulting in generation of more genomics data that will need to be hosted and shared safely and securely, for example in a TRE.
- The Nordic Council of Ministers’ Action plan for Vision 2030 includes the goal to enable health data to be shared securely and quickly between Nordic countries. It also plans to further contribute to the existing goal of turning Nordic companies into world-leaders in the global life sciences sector.
- Denmark’s governmental agency, Innovation Fund Denmark (IFD), has stated that it will have an investment strategy within personalised medicine as part of its overall health strategy from 2023-25, on top of already funded ongoing projects in personalised medicine.
- Business Finland’s programme on Personalised Health has provided funding of up to EUR 80 million for innovation to various organisations such as start-ups, SMEs, large companies, universities, research organisations, hospital districts and other health care organisations, with the aim to create new businesses around individualised healthcare platforms.
- Genomic Medicine Sweden’s Strategic Plan 2021–2030 includes long-term goals of GMS-analysis of complex diseases and integrated omics in clinical routine, the genomics platform integrated in national clinical studies and advanced AI-based interpretation support on the National Genomics Platform.
- Norway’s national 2023–2030 eHealth strategy includes long-term goals of further developing personalised medicine, which is supported by advanced data analysis. This includes using artificial intelligence and personalised medicine to make clinical and administrative processes more efficient.
Considerations for establishing TREs within the Nordic region
When establishing a TRE within the Nordic region, there are a number of key considerations to ensure that data is safely stored and utilised. Providers of TREs should also be aware and be compliant with region-specific and national legislations relating to health and genomic data.
- Data privacy laws in Nordic countries
- The Nordic countries are subject to General Data Protection Regulation (GDPR) laws, being EU or European Economic Area (EEA) member countries, which lays out how personal information must be used by organisations, businesses and the government. Therefore, establishment of a TRE housing health data in any of the Nordic countries must comply with GDPR. best practices for building a Trusted Research Environment
- European Health Data Space (EHDS) - The European Commission is proposing a regulation for the European Health Data Space - which builds on GDPR and emerges from the European Strategy for Data. It will consist of rules, common standards and practices, infrastructures and a governance framework, with an aim to maximise safe and secure exchange, use and reuse of health data in the EU.
EU Data Act - in final stages, the Act proposed to make data more available for use and rules for who can use and access data. This Act differs from GDPR (which regulates personal data) as it also regulates non-personal data. This Act includes the introduction of the obligation of data from the private sector to be made available to public bodies.
- NIS 2 Directive ((EU) 2022/2555 (known as NIS2), replacing Directive (EU) 2016/1148) - which aims to improve the existing cyber security status across the EU.
- Relevant certifications
ISO27001 - internationally recognised specification for an Information Security Management System (ISMS)
- Data standardisation and interoperability
The European Health Data Space (EHDS) proposes standardisation of electronic health records and health data exchanges. As part of secure data sharing, data needs to be interoperable, particularly when combining data from disparate sources, so that data can be easily used. Therefore, data should be standardised to a common data model, such as the Observational Medical Outcomes Partnership (OMOP) common data model for clinical data. Accordingly, a key consideration would be to standardise data in the common data model that the EHDS implements.
As described above, the use of TREs and Data Safe Havens in the Nordic region has increased in recent years, however, there is scope for continued adoption with the rollout of several precision medicine initiatives and funding. Increased data access and usage of health data from Nordic populations will not only help people and the health and care system in these countries, but will also benefit international research collaborations. Virtually connecting these sensitive datasets, enabling research studies without compromising security, can lead to greater research insights for the benefit of local, national and international populations.
Moving forward, if an organisation is endeavouring to establish a TRE for efficient and secure data access, they will need a well-defined security-by-design and governance framework in place to ensure compliance, in addition to wide-ranging technology capabilities.
Lifebit works proactively with clients, including Genomics England, the Danish National Genome Centre, Boehringer Ingelheim, NIHR Cambridge Biomedical Research Centre, and others to comply with sensitive data requirements. We ensure that organisations can meet and exceed industry standards amidst the changing regulatory and regional landscape - enabling valuable research at scale to improve patients’ lives.
To find out more:
- Read Lifebit’s whitepaper on best practices for building a Trusted Research Environment
- Read Lifebit’s whitepaper on security and data governance
- Read Lifebit’s whitepaper on data standardisation
Book a demo Contact us