OBJECTIVES: In health and social care policy, outcomes research (OR) provides insight to outcomes (the end results) of the care provision technologies, structure, and processes impacting individuals and populations. OR may improve effectiveness in health care through improvements in decision making, market access and development of treatment guidelines and best practices (BPs). BPs aim at producing shared value for the target population and society.

In OR and BP, personal, health, and social data (PHSD) are needed. The use of PHSD is governed by legal frameworks such as the Health Insurance Portability and Accountability Act (HIPAA) in the US and the General Data Protection Regulation (GDPR) in the EU.

METHODS: GDPR forms the basis for processing of personal data. Yet, processing of health data is prohibited unless suitable and specific measures to safeguard the fundamental rights and the interests of the data subject are in place and specific conditions such as consent, protection of vital interests, public interest or scientific or historical research purpose are met. The Finnish Act on the Secondary Use of Health and Social Data gives the framework for the use of PHSD for secondary purposes including research and statistics, innovation and development, knowledge management, teaching, and authority work.

RESULTS: As a result of differences in e.g., local readiness for data sharing, international initiatives have been undertaken to enable multinational PHSD sharing. The Joint Action Towards the European Health Data Space (TEHDAS) develops principles for the use of health data in European Health Data Space (EHDS) common legislation.

CONCLUSIONS: A key interest of novel evidence generation is the possibility to collect new research data in structured form from patient charts or augment existing structural data securely. E.g., for these purposes, an enhanced Secure Processing environment (SPE) SPESiOR in accordance with the Finnish regulations have been developed, audited, certified, and is presented.