New TEHDAS2 Guideline Supports Researchers in Secure Use of Health Data

Secure Processing Environments are a cornerstone of the EHDS infrastructure. They provide data users—such as researchers, policymakers and innovators—with a controlled digital workspace for analysing personal health data without compromising data protection. The new guideline offers practical, step-by-step advice for using SPEs from the early project planning phase through to result export and data deletion. 

“This guideline gives future health data users a roadmap to plan their work in line with legal, ethical and technical requirements. It helps them avoid delays and ensures they can make full use of the EHDS infrastructure,” explains Irene Schlünder, lead author of the guideline and legal expert at TMF e.V., Germany. 

The document covers key topics including: 

• What SPEs are and when they are required
• How to select or suggest an appropriate SPE in a data access application
• Fees and cost considerations
• Access modalities and security requirements
• The user’s responsibilities as a data controller under GDPR and EHDS regulation 

Importantly, the guideline also clarifies that only anonymised results can be exported from SPEs—ensuring strong safeguards for privacy while allowing researchers to work with high-quality, pseudonymised data. 

“We hope this guideline empowers researchers and public institutions across Europe to take full advantage of the EHDS. It’s a tool that supports secure, ethical and efficient health data use across borders,” says Emmi Turunen from the HUS Group in Finland, one of the co-authors of the deliverable. 

The guideline is part of TEHDAS2 work, which focuses on safe and secure processing of health data. It complements other deliverables addressing technical specifications, anonymisation techniques, and data linkage—contributing to a harmonised implementation of the EHDS regulation across EU Member States.