Scottish Medical Imaging Service: Technical and Governance controls

Emily Jefferson, Jackie Caldwell, Robert Wallace, Simon Fleming, Rob Baxter, Ruairidh MacLeod, William Kerr, Donald Scobbie, Simon Rogers, Felix Ritchie, Esma Mansouri-Benssassi, Susan Krueger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

21 Downloads (Pure)


The Scottish Medical Imaging (SMI) service provides linkable, population based, “research-ready” real-world medical images for researchers to develop or validate AI algorithms within the Scottish National Safe Haven. The PICTURES research programme is developing novel methods to enhance the SMI service offering through research in cybersecurity and software/data/infrastructure engineering.

Additional technical and governance controls were required to enable safe access to medical images.

The researcher is isolated from the rest of the trusted research environment (TRE) using a Project Private Zone (PPZ). This enables researchers to build and install their own software stack, and protects the TRE from malicious code.

Guidelines are under development for researchers on the safe development of algorithms and the expected relationship between the size of the model and the training dataset. There is associated work on the statistical disclosure control of models to enable safe release of trained models from the TRE.

A policy enabling the use of “Non-standard software” based on prior research, domain knowledge and experience gained from two contrasting research studies was developed. Additional clauses have been added to the legal control – the eDRIS User Agreement – signed by each researcher and their Head of Department. Penalties for attempting to import or use malware, remove data within models or any attempt to deceive or circumvent such controls are severe, and apply to both the individual and their institution. The process of building and deploying a PPZ has been developed allowing researchers to install their own software.

No attempt has yet been made to add additional ethical controls; however, a future service development could be validating the performance of researchers’ algorithms on our training dataset.

The availability to conduct research using images poses new challenges and risks for those commissioning and operating TREs. The Private Project Zone and our associated governance controls are a huge step towards supporting the needs of researchers in the 21st century.
Original languageEnglish
Title of host publicationIJPDS International Journal of Population Data Science
Subtitle of host publicationVol. 7 No. 3 (2022): Conference Proceedings for International Population Data Linkage Conference 2022
Publication statusPublished - 25 Aug 2022


Dive into the research topics of 'Scottish Medical Imaging Service: Technical and Governance controls'. Together they form a unique fingerprint.

Cite this