A framework for the application of pseudonymization for primary and secondary use of health data

Abstract

Today's world is characterized by the availability of large amounts of data and the technologies to process them. This has been a significant boost to today's economy, but has also increased the need for data security. Whenever sensitive and personal data is involved, adequate data protection mechanisms must be installed to prevent unauthorized data disclosure which results in adverse consequences for individuals. Personal health data is a particular, usually highly sensitive type of data, which is why its disclosure must be tightly controlled in order to protect the privacy of individuals. The introduction of interconnected systems like electronic health records has made it easier to acquire and process vital information and has thus improved general health care, though the facilitated access to critical data has also increased the fear of data abuse by unauthorized parties. More often than not, unregulated disclosure of personal health data leads to discrimination or harassment of the affected individuals. Thus, existing legal regulations should be supplemented by technical means. However, personal health data is also an important source of information for research purposes, and patients usually agree to this form of beneficial data disclosure to third parties for secondary use, as long as their privacy is preserved. Thus, it is necessary to keep the balance between the patients' privacy and the usability of their health data for research purposes. In this thesis, pseudonymization is investigated as a method to keep this balance between privacy and data usability. The security architecture based on pseudonymization ensures that the patients' health data is stored in a pseudonymized state, which enables privacy-preserving secondary use. Since pseudonymization is a reversible process, access to the original de-pseudonymized data can be granted to trusted health care providers for direct primary care. This form of authorized data access is controlled exclusively by the patients who are acting as owners of their data. Therefore, this pseudonymization architecture supports the concurrent patient-controlled primary use and privacy-preserving secondary use of health data. Furthermore, the thesis also investigates pseudonymization in a scenario purely for secondary use including the necessary steps to convert existing archived health data into a form suitable for privacy-preserving processing for research purposes.