Why health data matters
Every time you visit an NHS service, important information is recorded about the care you receive – such as test results, medicines prescribed and the dates of hospital stays or procedures.
On its own, this information is used to support your care. But when this information is safely brought together with data from lots of other patients (without personal details like your name, date of birth or address), it can help researchers and the NHS to:
- Spot health patterns early – for example, researchers could analyse whether more people in one community are developing type 2 diabetes at a younger age, so the NHS can introduce prevention programmes earlier.
- Improve treatments – by checking whether new cancer drugs work well for patients from different backgrounds and of different ages.
- Plan services better – such as understanding where more ambulance support or stroke care is needed.
- Tackle health inequalities – by showing where some groups may not be receiving the same level of care as others.
Research using patient data can improve healthcare for everyone.
What is a Secure Data Environment (SDE)?
Think of an SDE like a locked digital room for NHS data. Researchers can use this secure digital ‘room’ to study anonymous NHS data with special controls in place to prevent misuse. This means the information always stays in one protected place and cannot be taken away.
Across England, there is one national SDE supporting access to standardised national datasets, and a network of regional NHS Secure Data Environments able to support varied and more bespoke data requests. This ensures research can be carried out safely, consistently, and to the same high standards wherever you live.
The East of England SDE
Our regional SDE is hosted by Cambridge University Hospitals NHS Foundation Trust and delivered in partnership with Cambridge University Health Partners and Health Innovation East. Working together, we have made it possible for researchers to securely bring together information (with personal details removed) from participating NHS hospitals across the East of England, with future aspirations to include different types of data (e.g. images), disease-specific registries, and consented research data.
The original patient record always stays with your NHS care providers. The SDE only uses the data required to support specific approved studies, and this data is anonymised before researchers access it in the SDE to protect your privacy.
We know how important it is to protect the information patients and the public entrust to the NHS. That’s why we’ve built the East of England (EoE) SDE on a foundation of security, governance, and trust.
The East of England SDE follows something called the Five Safes framework – a set of principles designed to ensure that data are kept safe and private:
- Safe people – only trusted researchers from approved organisations can use the EoE SDE. They prove their identity with secure checks through a validation process (see Figure 2). Organisations are checked and listed publicly. Researchers from these organisations complete training, agree to rules, and have their identity confirmed before access.
- Safe projects – each research project must be approved, and only the minimum information needed is provided to the researchers in the SDE. Every research project is checked by an independent Data Access Committee, including experts and members of the public, to make sure NHS data is used responsibly and for public benefit. All approved projects are listed on the EoE SDE website for transparency.
- Safe settings – researchers work in a secure online space in the SDE where data stays protected inside secure systems certified to ISO 27001, the internationally recognised standard for information security. The East of England SDE recently passed its ISO 27001 audit with no non-conformities, confirming that it meets strict requirements for protecting sensitive data.
- Safe data – Personal details are removed, and extra steps (such as converting dates of birth into age ranges) add further protection. This ensures that data is anonymised and privacy is safeguarded.
- Safe outputs – only anonymous summaries, charts, or statistics leave the system, and these are carefully checked to ensure no personal information is included.
Figure 1: Adapted from the Five Safes framework
The SDE is designed to give approved researchers the tools they need to conduct approved research aimed at improving care and patient outcomes, while ensuring your data stays safe, private, and protected at all times.
The SDE runs on Amazon Web Services (AWS) – one of the world’s most trusted and secure cloud platforms (AWS, 2025).
To keep data safe and trustworthy, our environment combines robust security measures with rigorous standards:
- Strong digital protections: Data is secured with encryption both when stored and when moved, strict access controls, continuous monitoring, and regular audits.
- High standards: All operations follow strict healthcare and government requirements to ensure safety, privacy, and reliability.
Together these create a clear ‘shared responsibility’ model (AWS, 2025) – AWS keeps the infrastructure safe, and we make sure the data within it is secure and used appropriately, by the right people for the right purpose.
Everyone has a role to play in making it possible for data to be used securely and responsibly while supporting high-quality research. Each part of our organisation contributes to this shared goal:
- Platform Engineering: Designs, maintains, and strengthens the technical infrastructure that keeps data safe, private, and available only to authorised users.
- Data Access & Contracting: Manages secure access to data, ensuring all research complies with governance standards, legal requirements, and ethical principles.
- Customer Business Development: Builds partnerships that use data for the public good, while maintaining the highest standards of security and integrity.
- Data Lifecycle Management: Oversees how data is stored, maintained, and used throughout its life — ensuring accuracy, consistency, and secure handling at every stage.
- Business Operations: Provides the planning, processes, and oversight that keep everything running smoothly, supporting efficiency, accountability, and continuous improvement.
- Project Management: Coordinates activities across teams, ensuring projects are delivered efficiently, securely, and in line with strategic priorities that serve the public good.
- PPIE & Communications: Builds public trust by ensuring transparency, involving people in decision-making, and keeping communities informed about how data is used for public benefit.
- Service Desk: Provides responsive support to researchers and partners, helping them work safely within secure systems and ensuring issues are resolved quickly and effectively.
Together, these teams make it possible for data to be used safely, transparently, and for the benefit of everyone.
Who can access the data?
The right researchers, for the right reasons
Before researchers can work within the EoE SDE, both they and their organisations need to be validated. Organisations register with the SDE Network and may undergo checks by a national committee made up of representatives from across the NHS SDEs and NHS patient representatives. Once the organisation is validated and a formal agreement is signed, it is added to a national public register of approved organisations.
Researchers from validated organisations then register individually. At present, users are validated locally, but a national user validation process is being piloted. In the new model, researchers will be vouched for by their organisations, complete training, sign the Terms of Use, and have their details verified by the SDE Network before gaining access.
Once validated, users can safely explore data for feasibility studies and request data services within SDEs. Every research project is still reviewed by an independent Data Access Committee (DAC), which includes experts and members of the public, to ensure that NHS data is used safely, ethically, and for public benefit.

Figure 2: Flowchart of SDE Network Validation Process
Keeping Access Under Control
Within the SDE, further controls govern data use to protect security and privacy. We achieve this through:
- Data minimisation: Approved researchers can only access the specific information needed for their study, and all personal identifiers are removed. This limits exposure and reduces risk while still enabling valuable research.
- Multi-Factor Authentication (MFA): A one-time code challenge is required as a secondary security validation when accessing the platform, for both research and engineering tasks.
- Data separation: Each project has a separate area in the SDE. Even if a researcher has two approved projects, data cannot be moved between areas. This prevents data being combined in ways that might make it possible to identify people.
- Data entry and exit control: Approved data is moved into the SDE through an ‘airlock’ that will only release data that has had identifying information removed. Similarly, information leaving the SDE is checked and only released to the researcher if it contains no identifying information. This includes human evaluation of the extracted data.
- Regular audits: Access rights are reviewed to prevent unnecessary or outdated permissions.
What researchers can and can’t do
- They can only analyse data inside the secure environment.
- They can use tools provided in the environment.
- They can ask to bring their own code or tools once the data/tools have been checked.
- They can’t copy, delete, change or download raw data.
- They can’t combine data from more than one project.
- Summary results that pass strict checks can leave the SDE.
- Code developed during the project can be exported but is subject to checks.
How the platform itself is kept safe
Protecting Data at Every Step
Your information is protected whether it’s being stored, transferred, or analysed:
- Encryption: All data is encrypted at rest and in transit.
- Secure storage: NHS data in the SDE cannot be publicly accessed.
- Safe transfers: Tools like AWS DataSync ensure information moves securely between storage locations.
Continuous Monitoring and Assurance
The EoE SDE uses advanced monitoring tools to detect and respond quickly to potential threats:
- Threat detection with AWS GuardDuty.
- Centralised logging so every action is traceable and accountable.
- Rapid response to alerts, with issues resolved within strict timelines.
Governance and Accountability
Security isn’t just about technology — it’s also about people and processes. That’s why there are:
- Policies aligned with ISO 27001 (the international security standard).
- Training for all users, ensuring they understand their role in keeping data safe.
- Clear incident reporting processes so any concerns are dealt with quickly and transparently.
Real-life project examples
Here are two projects already using the EoE SDE – bringing real health benefits:
- Predicting hospital re-admission for heart failure:
A team led by Professor Angela Wood at the University of Cambridge is using the SDE to analyse data from patients treated for heart failure across the region. Their aim is to build a tool that helps doctors figure out who is at higher risk of returning to hospital within 30 days – so patients can get extra support or more personalised care before leaving hospital. This could help reduce avoidable re-admissions.
- Building a real-world cancer dataset for research:
The “Real-World Data Curation of Cancer in the UK” project is creating a detailed, anonymised dataset using cancer patient records from Cambridge University Hospitals. It will help researchers understand how cancer treatments are used in everyday practice, pinpoint patient groups who might be under-represented in clinical trials and improve our understanding of outcomes in different communities – informing better treatment options for all.
How this benefits people in the East of England
By turning health information into insights – without identifying anyone – the East of England SDE helps to:
- Prevent illness before it starts – spotting early warning signs of conditions like heart disease.
- Make treatments more effective – by showing which approaches work best for different people.
- Support local NHS services – for example, helping plan where to provide more cancer screening or urgent care.
- Give the public a voice – members of the public help decide which research is safe and worthwhile.
Beyond understanding how your data is protected, it’s also important to know the choices you have.
Your choice matters
You can choose whether your information is used for research and planning beyond your individual care. If you decide to opt out, your personal data will be excluded from any data used, or studies undertaken, in the Secure Data Environment (SDE).
- Opting out will not affect the treatment or care you receive.
- If you don’t opt out, only anonymised information (with personal details removed) may be used to support research that helps improve healthcare.
There are two options for opting out: the National Data Opt-Out or the East of England SDE Opt-Out
If you’re happy for your de-personalised NHS data to be used for approved research through the East of England Secure Data Environment (SDE), you don’t need to do anything.
If you do not want your data used for research through the East of England SDE, you have two choices:
East of England SDE Opt-Out
- Stops your data being used for research within the East of England SDE.
- It may still be used for research in other regions.
- Applies to future projects only, not past research.
- You can make or change this choice by contacting the SDE team by phone or email (cuh.eoe.sde@nhs.net) or by going to the website: http://www.eoesde.org/opt-out (https://www.eoe-securedataenvironment.nhs.uk/public.html#information-for-the-public-more-information-about-the-sde)
National Data Opt-Out (NDOO)
- Prevents NHS England and other health and care organisations from sharing your personal data for research and planning (except when required by law).
- You can set this preference online or by contacting NHS England.
- No action is needed if you’re happy for your data to be used for approved research. To review or change your choice, visit https://www.nhs.uk/your-nhs-data-matters/ or scan the QR code.
Supporting vital research, together
Security and trust depend not only on systems, but also on transparency and user choice. The EoE SDE is all about improving health and care while protecting your privacy. By keeping information safe, anonymised, and under public oversight, we can make sure that health data is used responsibly – turning everyday NHS records into research that saves lives.
References
AWS, 2025. Cloud Security – Amazon Web Services (AWS). Accessed: 13th November 2025.
AWS, 2025. Shared responsibility model. Shared Responsibility Model – Amazon Web Services (AWS). Accessed: 13th November 2025.