Hospital providers, physicians and researchers are interested in a cross-institutional use of their data for clinical research. This interest has led to the question whether the scientific potential of the data stored in so many different systems can be unfolded by the establishment of a cross-institutional medical data warehouse. The aim of this paper is to describe the ethical and regulatory requirements and to develop a solution architecture considering technical and organisational aspects. The present paper uses a structured approach to collect user requirements. The requirements are discussed with legal experts. The work was complemented by extended literature research. An essential requirement is the cross-institutional merging of the data. Here, aspects of data protection as the informed consent, or transparency must be considered. In addition it is essential to protect the researchers through transparency from accusations on publication bias. Technical and organisational solutions in combination of data protection, and data security enable an operation of a central medical data warehouse in compliance with the law. The usage of this infrastructure for research can contribute to an improvement of the treatment quality, and patient safety if there is an appropriate transparency. This contributes to innovation and added value of a hospital group.