RELEASE-AI: Protecting Sensitive Data Across The AI Lifecycle Disclosure Risks and Mitigations in Trusted Research Environments

Alba Crespi Boixader; Simon Li; James Liley; Laura Ward; Christian Cole; Jim Smith

RELEASE-AI: Protecting Sensitive Data Across The AI Lifecycle Disclosure Risks and Mitigations in Trusted Research Environments

Alba Crespi Boixader
, Simon Li
, James Liley
, Laura Ward
, Christian Cole
, Jim Smith

Research output: Contribution to conference › Poster

29 Downloads (Pure)

Abstract

Trusted Research Environments (TREs) provide secure access to personal and sensitive data, such as Electronic Healthcare Records (EHRs), for approved research. The increasing use of Artificial Intelligence (AI) and Machine Learning (ML) in health research introduces new challenges for managing privacy risks of individuals’ data. We present a comprehensive framework that embeds mitigation strategies throughout the entire AI project lifecycle, structured across six project phases: design, governance, development, evaluation, disclosure control, and release.

This framework aims to empower all stakeholders - researchers, project teams, output checkers, and TRE staff - with clear, phase-specific recommendations on which measures and checks are necessary before model release to help identify potential disclosure risks to data. It promotes early identification of risks with corresponding mitigations and ensures responsibilities are clearly assigned to relevant actors at each stage, from initial planning through to deployment and monitoring. Mitigation strategies include good AI/ML practices, both in terms of code and documentation, privacy-enhancing techniques during training and evaluation, restricting model access via secure query systems, licencing agreements, and adversarial attack testing using tools like SACRO-ML. This process highlights the need to train everyone involved appropriately with relevant role-specific material.

A novel tiering system for disclosure control is proposed, categorising AI projects based on the likelihood of attack and associated sensitive data leakage risks. By integrating a lifecycle-focused risk management process with a scalable disclosure control tiering system, this approach enables innovative AI research while maintaining rigorous data protection standards and public trust.

Original language	English
Publication status	Published - 23 Sept 2025
Event	Data and Digital Health: Scotland Cross-Sector Hub Event 3 - COSLA, Verity House, Edinburgh, United Kingdom Duration: 23 Sept 2025 → 23 Sept 2025 https://www.tickettailor.com/events/nhsresearchscotland/1786651

Workshop

Workshop	Data and Digital Health
Country/Territory	United Kingdom
City	Edinburgh
Period	23/09/25 → 23/09/25
Internet address	https://www.tickettailor.com/events/nhsresearchscotland/1786651

Keywords

Trusted Research Environment
Machine Learning
Artificial Intelligence
Release
Disclosure Control

ASJC Scopus subject areas

Health Informatics

Access to Document

Final Published VersionFinal published version, 2.04 MBLicence: CC BY-SA

DARE Transformational Programme
Cole, C. (Investigator)
1/03/25 → 31/03/27
Project: Research

2 Other report
1 Conference contribution
1 Poster
1 Preprint

Practical guide to Artificial Intelligence risks and mitigations for Trusted Research Environments and the RELEASE-AI framework
Crespi Boixader, A., Li, S., Liley, J., Ward, L., Cole, C. & Smith, J., 15 Oct 2025.
Research output: Contribution to conference › Poster

Open Access
File
SACRO: Semi-Automated Checking of Research Outputs
Cole, C., Smith, J., Albashir, M., Bacon, S., Butler Cole, B., Caldwell, J., Crespi Boixader, A., Green, E., Jefferson, E., Jones, Y., Krueger, S., Liley, J., McNeill, A., O'Sullivan, K., Oldfield, K., Preen, R., Robinson, L., Rogers, S., Stokes, P. & Tilbrok, A. & 1 others, White, P., 6 Nov 2023
Research output: Book/Report › Other report
GRAIMatter: Guidelines and Resources for AI Model Access from TrusTEd Research environments
Jefferson, E., Cole, C., Crespi Boixader, A., Rogers, S., Roche, M., Ritchie, F., Smith, J., Tava, F., Daly, A., Beggs, J. & Chuter, A., 25 Aug 2022, Conference Proceedings for International Population Data Linkage Conference 2022. 3 ed. Vol. 7.
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Open Access

Health Informatics Centre
Health and Clinical Services
Facility/equipment: Facility

Cite this

@conference{fb1cfc0e01404d1892ca4865c2b82d48,

title = "RELEASE-AI: Protecting Sensitive Data Across The AI Lifecycle Disclosure Risks and Mitigations in Trusted Research Environments",

abstract = "Trusted Research Environments (TREs) provide secure access to personal and sensitive data, such as Electronic Healthcare Records (EHRs), for approved research. The increasing use of Artificial Intelligence (AI) and Machine Learning (ML) in health research introduces new challenges for managing privacy risks of individuals{\textquoteright} data. We present a comprehensive framework that embeds mitigation strategies throughout the entire AI project lifecycle, structured across six project phases: design, governance, development, evaluation, disclosure control, and release. This framework aims to empower all stakeholders - researchers, project teams, output checkers, and TRE staff - with clear, phase-specific recommendations on which measures and checks are necessary before model release to help identify potential disclosure risks to data. It promotes early identification of risks with corresponding mitigations and ensures responsibilities are clearly assigned to relevant actors at each stage, from initial planning through to deployment and monitoring. Mitigation strategies include good AI/ML practices, both in terms of code and documentation, privacy-enhancing techniques during training and evaluation, restricting model access via secure query systems, licencing agreements, and adversarial attack testing using tools like SACRO-ML. This process highlights the need to train everyone involved appropriately with relevant role-specific material. A novel tiering system for disclosure control is proposed, categorising AI projects based on the likelihood of attack and associated sensitive data leakage risks. By integrating a lifecycle-focused risk management process with a scalable disclosure control tiering system, this approach enables innovative AI research while maintaining rigorous data protection standards and public trust.",

keywords = "Trusted Research Environment, Machine Learning, Artificial Intelligence, Release, Disclosure Control",

author = "\{Crespi Boixader\}, Alba and Simon Li and James Liley and Laura Ward and Christian Cole and Jim Smith",

year = "2025",

month = sep,

day = "23",

language = "English",

note = "Data and Digital Health : Scotland Cross-Sector Hub Event 3 ; Conference date: 23-09-2025 Through 23-09-2025",

url = "https://www.tickettailor.com/events/nhsresearchscotland/1786651",

}

TY - CONF

T1 - RELEASE-AI

T2 - Data and Digital Health

AU - Crespi Boixader, Alba

AU - Li, Simon

AU - Liley, James

AU - Ward, Laura

AU - Cole, Christian

AU - Smith, Jim

PY - 2025/9/23

Y1 - 2025/9/23

N2 - Trusted Research Environments (TREs) provide secure access to personal and sensitive data, such as Electronic Healthcare Records (EHRs), for approved research. The increasing use of Artificial Intelligence (AI) and Machine Learning (ML) in health research introduces new challenges for managing privacy risks of individuals’ data. We present a comprehensive framework that embeds mitigation strategies throughout the entire AI project lifecycle, structured across six project phases: design, governance, development, evaluation, disclosure control, and release. This framework aims to empower all stakeholders - researchers, project teams, output checkers, and TRE staff - with clear, phase-specific recommendations on which measures and checks are necessary before model release to help identify potential disclosure risks to data. It promotes early identification of risks with corresponding mitigations and ensures responsibilities are clearly assigned to relevant actors at each stage, from initial planning through to deployment and monitoring. Mitigation strategies include good AI/ML practices, both in terms of code and documentation, privacy-enhancing techniques during training and evaluation, restricting model access via secure query systems, licencing agreements, and adversarial attack testing using tools like SACRO-ML. This process highlights the need to train everyone involved appropriately with relevant role-specific material. A novel tiering system for disclosure control is proposed, categorising AI projects based on the likelihood of attack and associated sensitive data leakage risks. By integrating a lifecycle-focused risk management process with a scalable disclosure control tiering system, this approach enables innovative AI research while maintaining rigorous data protection standards and public trust.

AB - Trusted Research Environments (TREs) provide secure access to personal and sensitive data, such as Electronic Healthcare Records (EHRs), for approved research. The increasing use of Artificial Intelligence (AI) and Machine Learning (ML) in health research introduces new challenges for managing privacy risks of individuals’ data. We present a comprehensive framework that embeds mitigation strategies throughout the entire AI project lifecycle, structured across six project phases: design, governance, development, evaluation, disclosure control, and release. This framework aims to empower all stakeholders - researchers, project teams, output checkers, and TRE staff - with clear, phase-specific recommendations on which measures and checks are necessary before model release to help identify potential disclosure risks to data. It promotes early identification of risks with corresponding mitigations and ensures responsibilities are clearly assigned to relevant actors at each stage, from initial planning through to deployment and monitoring. Mitigation strategies include good AI/ML practices, both in terms of code and documentation, privacy-enhancing techniques during training and evaluation, restricting model access via secure query systems, licencing agreements, and adversarial attack testing using tools like SACRO-ML. This process highlights the need to train everyone involved appropriately with relevant role-specific material. A novel tiering system for disclosure control is proposed, categorising AI projects based on the likelihood of attack and associated sensitive data leakage risks. By integrating a lifecycle-focused risk management process with a scalable disclosure control tiering system, this approach enables innovative AI research while maintaining rigorous data protection standards and public trust.

KW - Trusted Research Environment

KW - Machine Learning

KW - Artificial Intelligence

KW - Release

KW - Disclosure Control

M3 - Poster

Y2 - 23 September 2025 through 23 September 2025

ER -

RELEASE-AI: Protecting Sensitive Data Across The AI Lifecycle Disclosure Risks and Mitigations in Trusted Research Environments

Abstract

Workshop

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Projects

DARE Transformational Programme

Research output

Practical guide to Artificial Intelligence risks and mitigations for Trusted Research Environments and the RELEASE-AI framework

SACRO: Semi-Automated Checking of Research Outputs

GRAIMatter: Guidelines and Resources for AI Model Access from TrusTEd Research environments

Equipment

Health Informatics Centre

Cite this