Published October 30, 2024 | Version 1.02
Publication Open

Versatile Trusted Research Environments: An approach for Switzerland

  • 1. SIB Swiss Institute of Bioinformatics
  • 2. ETH Zurich
  • 3. University of Basel
  • 4. University of Lausanne
  • 5. Swiss Academy of Medical Sciences
  • 6. Swiss Personalized Health Network

Description

Widespread adoption of versatile Trusted Research Environments (TREs) is essential for conducting research analysis involving sensitive personal data, which plays a pivotal role in advancing research across healthcare, social sciences, and humanities in order to meet societal challenges.

Despite the immense potential of sensitive data analysis, there are substantial risks linked to its use as well as increasing regulatory requirements and scrutiny. Unauthorised access, disclosure, or misuse of this data can have severe consequences for individuals, potentially leading to harm, discrimination, or erosion of trust in the research ecosystem. It may also lead to significant legal consequences for individuals and organisations. These concerns are further amplified by the increasing adoption of distributed computing and cloud technologies, which, while offering benefits, introduce new security challenges.

Based on experience supporting research with sensitive personal data in Switzerland, versatile TREs are the best available solution for addressing the inherent tension between facilitating research with sensitive data and mitigating the risks associated with its use. The BioMedIT TRE has been in production since 2018, bringing together ETH Zurich, the Swiss Institute of Bioinformatics, the University of Basel and the University of Lausanne to deliver a federated, versatile TRE service.

Versatile TREs cater to the diverse and evolving needs of the research community at a reasonable cost, offering flexible and adaptable environments that can accommodate a wide range of research projects. This adaptability is essential in academic research, where the specific data processing requirements may not be fully known in advance. Relying on less secure alternatives, such as researchers processing sensitive data on personal computers or on less integrated systems, poses unacceptable risks to both individuals and institutions. Based on experience delivering TREs for research, we recommend the following:

  • Promote TRE Adoption: Organisations should actively encourage the use of TREs for research involving sensitive personal data, potentially through policy mandates.

  • Embrace Collaboration: Building and operating TREs requires close collaboration between data providers, researchers, technology experts, legal professionals, and ethical review boards.

  • Prioritise Federation: National efforts should focus on federating TREs to avoid duplication, leverage shared resources, and promote harmonised practices.

  • Ensure Full-Stack Management: TRE security and compliance require a comprehensive management approach that spans from underlying infrastructure to user engagement and usability.

Experience delivering TREs in Switzerland suggests that, beyond technical considerations, building and ensuring trust with the full set of stakeholders, from the public and data subjects through to hospitals, research organisations and funders, is perhaps the most important factor in delivering a TRE network.

Files

VersatileTREs_1.0.2.pdf (859.4 kB, md5:c3d62444ee2c05a56de0d68368dba3a4)