Figure 2.

The data staging and access process. Data can enter PIONEER from internal (UHB) and external data providers. At stage 1, data has been cleansed, normalised and sent to UHB in a pseudonymised form. At stage 2, the pseudonymised data is checked, cleansed and undergoes QA/QC by the PIONEER team. From this data, a metadata catalogue is formed, providing high-level data descriptions, which describe the kind of data PIONEER holds. The metadata catalogue is available for researchers to browse. At stage 3, the pseudonymised data is moved to the secure cloud, only accessible by PIONEER team members for further QA/QC processes. If a data request is received, it is reviewed by the Data Trust Committee (DTC) and PIONEER team. The PIONEER team perform a due diligence check and assess the request in terms of risk (see table 1). If the DTC do not support data access, no data access occurs. If the DTC support data access, a data licensing agreement is formed and the exact cut of data required is anonymised, extracted and staged in a bespoke trusted research environment (TRE). At stage 4, this staged and anonymised data can then be accessed by the researchers using specific log on processes and only approved data can leave the TRE (which would be aggregate data and not individual data lines).