In computing science, much attention has been paid to generic methods for sharing data in secure infrastructures. These sorts of methods and infrastructures are, of course, necessary for sharing healthcare data. We are, however, a long way away from being able to realise the potential of medical and healthcare data to support the sorts of extensive, data-intensive experiments being demanded by precision and stratified medicine. A key architectural problem remaining to be solved is how to maintain control of patient data within the governance of local data jurisdictions while also allowing these jurisdictions to engage with experiment designs that (because of the need to scale to large population sizes) may require analyses across several jurisdictions. This paper provides a snapshot of architectural work underway to provide a clear, effective structure of data safe havens within jurisdictions. It then describes how formally specified experiment designs can be used single jurisdiction could tackle alone. Our current work relates to two jurisdictions (in Scotland and in Italy) but the architecture and methods are general across similar jurisdictions.