An evaluation of technologies for the pseudonymization of medical data

Privacy is one of the fundamental issues in health care today. Although, it is a fundamental right of every individual to demand privacy and a variety of laws were enacted that demand the protection of patients' privacy, approaches for protecting privacy often do not comply with legal requirements or basic security requirements. This paper highlights research directions currently pursued for privacy protection in e-health and evaluates common pseudonymization approaches against legal and technical criteria. Thereby, it supports decision makers in deciding on privacy systems and researchers in identifying the gaps of current approaches for privacy protection as a basis for further research.

[1]  Stephen Hinde Privacy legislation: a comparison of the US and European approaches , 2003, Comput. Secur..

[2]  A. Grizzle,et al.  Drug-related morbidity and mortality: updating the cost-of-illness model. , 2001, Journal of the American Pharmaceutical Association.

[3]  Lynn A. Karoly,et al.  Health Insurance Portability and Accountability Act of 1996 (HIPAA) Administrative Simplification , 2010, Practice Management Consultant.

[4]  HIPAA administrative simplification: enforcement. Final rule. , 2006, Federal register.

[5]  D. Koo,et al.  HIPAA privacy rule and public health; guidance from CDC and the U.S. Department of Health and Human Services , 2003 .

[6]  Jörg Caumanns,et al.  Der Patient bleibt Herr seiner Daten Realisierung des eGK-Berechtigungskonzepts über ein ticketbasiertes, virtuelles Dateisystem , 2006, Informatik-Spektrum.

[7]  Thomas Neubauer,et al.  A secure architecture for the pseudonymization of medical data , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[8]  P. Clayton,et al.  Privacy, confidentiality, and electronic medical records. , 1996, Journal of the American Medical Informatics Association : JAMIA.

[9]  Thomas C. Rindfleisch,et al.  Privacy, information technology, and health care , 1997, CACM.

[10]  Gerrit Hornung,et al.  Die künftige Telematik-Rahmenarchitektur im Gesundheitswesen , 2005, Wirtschaftsinf..

[11]  K. Pommerening,et al.  Secondary use of the EHR via pseudonymisation. , 2004, Studies in health technology and informatics.

[12]  Bernhard Riedl,et al.  Datenverarbeitungssystem zur verarbeitung von objektdaten , 2007 .

[13]  Thomas Neubauer,et al.  Improving Patients Privacy with Pseudonymization , 2008, MIE.

[14]  Daniel Slamanig,et al.  Privacy Aspects of eHealth , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[15]  Ernest R. House,et al.  Assumptions Underlying Evaluation Models , 1978 .

[16]  Fareed Bashir,et al.  European Convention on Human Rights , 2003 .

[17]  Simone Fischer Hübner IT-Security and Privacy : Design and Use of Privacy-Enhancing Security Mechanisms , 2001 .

[18]  Carol H. Weiss Evaluation : methods for studying programs and policies , 1997 .

[19]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[20]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .