Secure Processing Environments (SPE) Are Needed for the Cybersecure Collection and Secondary Use of Personal, Health, and Social Data


Soini E1, Hallinen T2, Martikainen J2
1ESiOR Oy, Kuopio, 15, Finland, 2ESiOR Oy, Kuopio, Finland

Presentation Documents

OBJECTIVES: In health and social care policy, outcomes research (OR) provides insight to outcomes (the end results) of the care provision technologies, structure, and processes impacting individuals and populations. OR may improve effectiveness in health care through improvements in decision making, market access and development of treatment guidelines and best practices (BPs). BPs aim at producing shared value for the target population and society.

In OR and BP, personal, health, and social data (PHSD) are needed. The use of PHSD is governed by legal frameworks such as the Health Insurance Portability and Accountability Act (HIPAA) in the US and the General Data Protection Regulation (GDPR) in the EU.

METHODS: GDPR forms the basis for processing of personal data. Yet, processing of health data is prohibited unless suitable and specific measures to safeguard the fundamental rights and the interests of the data subject are in place and specific conditions such as consent, protection of vital interests, public interest or scientific or historical research purpose are met. The Finnish Act on the Secondary Use of Health and Social Data gives the framework for the use of PHSD for secondary purposes including research and statistics, innovation and development, knowledge management, teaching, and authority work.

RESULTS: As a result of differences in e.g., local readiness for data sharing, international initiatives have been undertaken to enable multinational PHSD sharing. The Joint Action Towards the European Health Data Space (TEHDAS) develops principles for the use of health data in European Health Data Space (EHDS) common legislation.

CONCLUSIONS: A key interest of novel evidence generation is the possibility to collect new research data in structured form from patient charts or augment existing structural data securely. E.g., for these purposes, an enhanced Secure Processing environment (SPE) SPESiOR in accordance with the Finnish regulations have been developed, audited, certified, and is presented.

Conference/Value in Health Info

2022-11, ISPOR Europe 2022, Vienna, Austria

Value in Health, Volume 25, Issue 12S (December 2022)




Real World Data & Information Systems, Study Approaches

Topic Subcategory

Data Protection, Integrity, & Quality Assurance, Prospective Observational Studies, Registries


No Additional Disease & Conditions/Specialized Treatment Areas

Your browser is out-of-date

ISPOR recommends that you update your browser for more security, speed and the best experience on Update my browser now