Health-RI wiki v4.0 -> consultatie (open tot 03-12-2024)


Secure processing environment

This article describes the secure processing environment as an abstract application component at a functional level. We take the following into account:

The concrete application components that fulfill the function of SPE can also fulfill other functions (e.g. linking data) and/or the research journey can be used in other places (e.g. for data preparation). These functions are not discussed in this article.

A secure processing environment can be used under different governance models, in which processing responsibility and trust play important roles. This is described in Storyline: Central analysis

Description

Central analysis of health data, as described in Storyline: Central analysis, takes place in a secure processing environment within the Health-RI ecosystem. Health-RI defines a secure processing environment as a digital environment for processing sensitive data in which appropriate technical and organizational measures, including system security and user access, are implemented to protect the data against unauthorized access, modification or deletion and to ensure the privacy of the data subjects. A secure processing environment is mainly used to enable collaboration on sensitive data outside the own institution with maximum protection against external and internal threats.

Terms

In the context of the European Health Data Space (EHDS), the English term Secure Processing Environment (SPE) and the provisional Dutch translation Beveiligde Verwerkingsomgeving (BVO) are used to refer to secure processing environments. The Dutch translation of the EHDS is not yet final, so the term BVO may still be subject to change.

Key Features of a Secure Processing Environment

  • Isolation: The secure processing environment is separated from other environments, and projects within the secure processing environment are isolated from each other to prevent unauthorized access or interference.

  • Access Control: Strict controls are implemented to ensure that only authorized users have access to the SPE and can only perform authorized actions.

  • Data Protection: Sensitive data is encrypted and protected from unauthorized manipulation or damage throughout its lifecycle within the SPE.

  • Monitoring and Logging: Activity within the SPE is monitored and logged to detect suspicious or unauthorized behavior.

Which Secure Processing Environment can I use?

Given the wide range of secure processing environment applications and associated requirements, various secure processing environments can be deployed within the Health-RI ecosystem (for an overview, see Applications secure processing environment ). A secure processing environment deployed within the Health-RI ecosystem must meet the minimum requirements for secure processing environments and the requirements linked to the data classification of the data to be processed (see Requirements for a secure processing environment).