Poster Number
31
Poster Title
Towards a Federated and Secure Infrastructure for Secondary Use of Health Data in Europe: Technical and Operational Specifications for Secure Processing Environments (SPEs)
Authors
Helena Lodenius, Heikki Lehväslaiho (CSC – IT Center for Science)
Abstract
The European Health Data Space (EHDS) aims to enable secure, cross-border secondary use of health data for research, innovation, and policy. A cornerstone of this vision is the Secure Processing Environment (SPE)—a virtual or physical infrastructure that ensures lawful, privacy-preserving, and auditable data processing. As part of the TEHDAS2 Joint Action, we present technical, functional and operational specifications for SPEs, developed through a comprehensive analysis of EU regulations (GDPR, DGA, EHDS), existing SPE implementations and interoperability frameworks.
These specifications define foundational requirements for data protection, user authentication, access control and data transfer, while also addressing the governance and interoperability challenges of building a federated network of SPEs across Europe.
The proposed architecture supports both standalone and federated SPEs, enabling scalable, privacy-preserving data analysis and federated computing. To ensure interoperability and trust, the specifications recommend the adoption of open standards, including those developed by the Global Alliance for Genomics and Health (GA4GH), such as Crypt4GH for secure data streaming and Passports for federated identity management. We also propose lightweight operational frameworks, such as FitSM, to support consistent implementation across Member States.
This poster outlines the SPE lifecycle—from data permit issuance to decommissioning—and highlights key capabilities required for secure and interoperable data processing. It also explores how international standards, including those from GA4GH, can support the development of trusted, federated infrastructures for health data use.
Our work contributes to the global dialogue on secure processing environments and offers a blueprint for implementing secure, federated data infrastructures aligned with GA4GH principles.
These specifications define foundational requirements for data protection, user authentication, access control and data transfer, while also addressing the governance and interoperability challenges of building a federated network of SPEs across Europe.
The proposed architecture supports both standalone and federated SPEs, enabling scalable, privacy-preserving data analysis and federated computing. To ensure interoperability and trust, the specifications recommend the adoption of open standards, including those developed by the Global Alliance for Genomics and Health (GA4GH), such as Crypt4GH for secure data streaming and Passports for federated identity management. We also propose lightweight operational frameworks, such as FitSM, to support consistent implementation across Member States.
This poster outlines the SPE lifecycle—from data permit issuance to decommissioning—and highlights key capabilities required for secure and interoperable data processing. It also explores how international standards, including those from GA4GH, can support the development of trusted, federated infrastructures for health data use.
Our work contributes to the global dialogue on secure processing environments and offers a blueprint for implementing secure, federated data infrastructures aligned with GA4GH principles.
Digital Poster