Routinely collected data relating to children and young people is invaluable for helping us improve their health outcomes. Researchers and professionals with the right credentials already have legal permission to apply to use health, education, and social care data. The problem is that when they need to work with a large amount of data, perhaps to measure the levels of child mental health in different organisations within a region, it can be difficult to pull it all together because the data they need is scattered across so many diverse sources.

Finding and standardising data is one hurdle, and there can be extra bureaucracy and red tape to navigate too. Creating a trusted research environment (TRE) in a region, like CADRE, will ensure that all the data they need is in one place. All the correct security measures will be there when researchers apply to access data, so there’s no chance of unauthorised access. All the data is properly deidentified, and researchers will be monitored while they’re using the data.

For some kinds of research, researchers want to interact with young people, to either collect more information from them, or to invite them to get involved in a research project, (for example to develop a new psychological therapy). CADRE will be able to help this process. Researchers can search for patients’ anonymous records to find patients suitable for their study, without needing to know who they are. If the young person and their guardian has given their specific permission for their details to be released to researchers, this can be allowed.

Finally, it’s important that research relates to everyone in the UK community. However, pooling data in one place makes it more sensitive to attack. The CADRE Network consists of CADRE databases that include data from only a small region, such as Cambridgeshire and Peterborough. By using new technology called ‘privacy preserving federated analytics’’, it is now possible for the different CADRE sites to collaborate on data analysis without sharing raw data. CADRE sites will also be able to collaborate with other approved institutions in the future too, such as universities or other research databases. This new approach fits well with privacy regulations (such as GDPR (General Data Protection Regulations)) by minimising data movement and protecting individual’s privacy.

CADRE helps young people take part in research, and it means that when they get asked to take part in research studies, those studies are likely to be relevant to them. This helps researchers identify participants for studies faster, speeding up the process of finding answers to important medical questions.

CADRE will allow researchers to understand healthcare needs better, by building a bigger picture around the problems children and young people face, how they are getting on at school and any social problems that might be affecting their area. This will help us to come up with better solutions, and to understand which types of treatments and support are most effective. It should also help local service providers distribute their funding where it’s needed most, and to the right people.

From a public perspective, CADRE will allow healthcare research about children and young people to happen faster, and in a more cost-effective way. It will also make it relevant to more people, and more inclusive as researchers will be able to use information taken from a larger number of databases. The result should be better quality research leading to improved healthcare.

1. Local services agree to share their data about children and young people with CADRE

2. Information that can identify a person (such as names, addresses, NHS numbers) is removed from clinical data while it is still in local services.

3. Once the de-identification has been checked, the de-identified datasets are securely fed into the CADRE database.

4. The data is linked together and securely stored.

5. Within CADRE, data is converted into a common format and organised so researchers can use it more easily.

6. Separately, the identifiers – which will be needed to re-identify a person in specific circumstances – are also securely fed into the CADRE database and stored in a distinct environment which will never be accessible to researchers.

7. A researcher sends a request to use relevant data for a project, based on a specific research question.

8. Access to the de-identified database will be granted to researchers under very specific circumstances through a screening process.

9. If the project is approved, the researcher is given limited access those areas of the de-identified database they need for their project and given training on how to use it properly.

10. Approved researchers, to further their understanding, will search the database for de-identified records meeting their inclusion criteria to request re-identification. The consent of the child or their parent/guardian will be sought before the researcher can view the child’s clinical records and contact the family

CADRE is a database of linked, de-identified records. The records are put through a software tool called CRATE (Clinical Records Anonymisation and Text Extraction), which removes information that might identify an individual, such as their name, NHS number or address.

Researchers may use CADRE to identify patients who meet specific criteria for taking part in research projects. For example, a researcher may want to find people who are experiencing specific symptoms of their illness and then invite them to a drug trial designed to address those symptoms. Patients whose data exists in CADRE will be able to use a flagging system to indicate whether they want to be contacted about such research opportunities.

Patients may choose:

– to consent to all requests in advance (“GREEN”) and in that case the researcher will be able to contact them directly,

– to consider all requests on a case-by-case basis via their clinical team (“YELLOW”) so their clinician will be the first point of contact,

– or to refuse all requests in advance (“RED”).
Any patient whose preference is unknown may only be approached via their clinical team, as “YELLOW” will be assumed by default in such a case.

The data will be stored in secure digital infrastructure provided by an SDE (secure data environments) provider accredited by both the NHS and the project team. Once a user is granted permission to access data for their project, a sub-set of the data is created specifically for them, matching the data requirements for their specific project. Users log in with two factor authentication via a virtual desktop which limits what they can do and see. The ‘cut and paste’ function is disabled, and their activity is monitored. Data can’t be downloaded or saved externally – it can only be kept and viewed within the database.

When a researcher has finished their analyses, they will be able to ask for specific permission to export their aggregated results using a special ‘digital airlock’ facility. Only data which is completely anonymous according to the Information Commissioner’s Office can be downloaded. This means that only tables with summary data and statistical results that relate to five people of more can be downloaded, so it’s not possible to link any results to an individual person.

All data is stored in data centres in the United Kingdom that comply with ISO27001 (including 27017 and 27018), and Cyber Essentials Plus standard. This is the same level of security that the NHS uses. Regular penetration tests are run on the infrastructure and monitoring tools run continuously to try to catch intrusions and incidents.

We use the Five Safes framework, which is a set of principles that allows data services to provide safe research access to data. The framework is considered best practice in data protection and is used by a range of other similar databases across the UK including Health Data Research-UK (HDR-UK) and the National Institute for Health Research Design Service (NIHR). Find out more about the Five Safes framework. The principles are described below.

1. Safe data: data is de-identified to protect patient confidentiality.
2. Safe projects: research projects are approved by data owners for the public good.
3. Safe people: researchers are trained and authorised to use data safely.
4. Safe settings: a SecureLab environment prevents unauthorised access or use.
5. Safe outputs: screened and approved outputs that do not disclose personal data.

There’s more information on the Understanding Patient Data website.

Federated analytics is an approach to data analysis that prioritises individual privacy. This means that organisations or regions will be able to collaborate while continuing data decentralisation. Instead of centralising data, federated analytics means that every participant (region or organisation) can analyse their local data without sharing it directly.

Organisations in different parts of the UK collect data on children’s health, education, and social care. Instead of sharing all the data in one single repository (which could pose privacy risks), federated analytics means that:

– Each region keeps control over its data.
– A central server distributes a partially trained model to each participant.
– Organisations locally train the model using the data they already collect and process (which stays in their existing environment).
– Model updates are combined to create a better global model.

Privacy-preserving federated learning (PPFL) adds another layer of protection which stops sensitive data reconstruction from model updates or outputs.

All organisations joining CADRE must have prior approval from their Caldicott Guardian, Senior Information Risk Owner (SIRO), or an equivalent senior representative.

CADRE has also been involving patient and service user representatives during its development process. It will be overseen by various committees that include patients and clinicians to consider their perspective at both a strategic federated level – that is, how they view things from a broader, unified approach involving multiple organisations or systems working together – and for local access requests.

In addition, CADRE is currently obtaining ethical approval from the NHS East of England – Cambridge Central Research Ethics Committee, part of the NHS Health Research Authority.

Cambridgeshire and Peterborough NHS Foundation Trust (CPFT), who are part of CADRE and already using CRATE within their research database, have obtained approvals from the NHS East of England – Cambridge Central Research Ethics Committee (references 12/EE/0407, 17/EE/0442).

We also expect CADRE to be supported by the UK Confidentiality Advisory Group under the Health Service (Control of Patient Information) Regulations 2002 to preserve confidentiality when accessing confidential information outside of the direct care team without consent, across CADRE and the future data federation.

In compliance with the UK GDPR, data will be processed under:

– Article 6(1)(e) for the performance of a task carried out in the public interest or in the exercise of official authority,

– Article 9(2)(a) when the data subject has given explicit consent to the processing of those personal data for one or more specified purposes,

– Article 9(2)(j) for scientific research purposes.

This is unlikely to be possible, because the information on the database is de-identified, which means we don’t know who the data relates to. We will have a list of organisations who have provided data for the database, though, and you can request a copy of any information they hold about you directly from them.

There is a projects section on the website and as soon as the database is open for applications, the approved projects will be listed along with summaries and details of each one. Publications with the results of these projects will also be included where possible.

– Healthcare data such as information from A&E departments, hospitals, and GP records. This will include information like diagnoses, treatments, test results and care plans.

– Social care and local authority (education) data, which will include information like whether a child is looked after, any safeguarding concerns and any contact with early help services. Education data will include information like attendance, attainment and if a young person has an Education, Health and Care plan (EHCP).

We need to use social services and local education authority data to help researchers get a more holistic view of what’s really going on. Healthcare data alone only tells part of the story – there’s more to a person’s health than what their doctor knows about them.

All data will be de-identified, which means that there will be no identifying information available to researchers.

Approved researchers will be allowed to use the data if they pass the Data Access Committee review. Examples of research projects could include clinical trials, population studies and health service improvement studies, as well as for developing digital innovations using artificial intelligence (AI) and machine learning. To access the data, researchers will need to go through a rigorous application process overseen by our Data Access Committee consisting of experts in the research area, experts in research methods and ethics, youth advocates, parents/guardians, and members of the public.

CADRE data may be used by companies who are doing research for public good, for example, a pharmaceutical company who is carrying out a trial of a new drug, or a technology company that is developing a new digital psychological therapy. All projects used by companies go through the same rigorous approvals process as any other project and will have to show that the project is for direct patient benefit.