IT Field of Competence Digital Health: Reference Story Schütze


Analysis of personally identifiable information and data protection regulations in equilibrium

In the health care sector, digital progress and improvement of the quality of care are not possible without the collection, storage and analysis of medical and personally identifiable patient data. However, working with such data sets under German and European data protection regulations and directives is a growing challenge. The pseudonymization of personally identifiable information and the establishment of independent and compliant trusted third parties offer a solution.

Especially in the health care sector, the collection and evaluation of sensitive and often personally identifiable information is necessary to enable quality assurance and research. However, when dealing with such data, strict German and European data protection directives must be observed. The European General Data Protection Regulation, which comes into effect in May 2018, will increase the complexity and burden of compliance when handling personally identifiable information. All those who wish to collect or evaluate such data must use technological procedures to ensure data protection. One method that has proven itself in this regard is pseudonymization.

Pseudonymization replaces personally identifiable information with a fixed key, the so-called pseudonym, which prevents the identification of the person concerned. Contextual (in this case medical) and record linkage information is retained, since one and the same person always receives the same pseudonym. By contrast, in the case of anonymization, personally identifiable information is either removed entirely or replaced with variable keys, thus losing contextual information and making record linkage to other data difficult.

Pseudonymization as an enabler for cross-sectoral quality assurance

In Germany, regulations for long-term quality assurance in health care are enacted by the Joint Federal Committee, the “Gemeinsamer Bundesausschuss” (G-BA) [1]. To enable the analysis required for cross-sectoral quality assurance, it is necessary to keep track of treatments and to combine different data sets, i.e. across different locations, from various care providers and over long periods of time.

[1] The Joint Federal Committee (G-BA) is "[…] the highest decision-making body for the self-regulation of doctors, dentists, psychotherapists, hospitals and health insurance funds in Germany". Source:

Take a simple example: patient Jones visits his family doctor in 2012 because he has hip pain. The physician refers Mr. Jones to an orthopedic specialist. After numerous examinations, it is determined that Mr. Jones needs a hip prosthesis. After the operation and physiotherapy, Mr. Jones moves to another state and thus visits new doctors for follow-up examinations. The problem is this: how can we digitally track the medical wellbeing of Mr. Jones over a period of many years, and use the insights gained to improve the quality of care, all while remaining compliant with data protection regulations?

The digital solution for this problem is the implementation of a pseudonymization service hosted by an independent and privacy-compliant trusted third party. On behalf of the G-BA, an independent trusted third party was developed and is provided by Schütze AG in accordance with § 299 SGB V. This trusted third party is placed in the dataflow between the data-generating and data-evaluating centers and securely transforms personally identifiable information into pseudonyms. A generic hash algorithm is used in combination with a non-deterministic true random number generator to generate and use exclusive keys for each medical field under analysis. This adaptive, standardized approach allows new medical fields and new data-generating and data-evaluating centers to be connected easily to the trusted third party, without risking data security. To meet the requirements of data protection directives, the trusted third party for the G-BA is operated in a high-security data center. For the transfer of asynchronous data, encrypted secure transmission paths are used.
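The following sketch is an added illustration, not the code of Schütze AG or the G-BA. It shows keyed-hash pseudonymization with one secret key per medical field, next to anonymization with variable keys. Assumptions: HMAC-SHA-256 as the keyed hash, the operating system's CSPRNG in place of a true random number generator, and hypothetical names (`TrustedThirdParty`, `insurance_no`, the field names) with constructed sample records.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample records; "insurance_no" is a hypothetical identifying field.
RECORDS = [
    {"insurance_no": "A123456789", "year": 2012, "provider": "family doctor", "event": "hip pain"},
    {"insurance_no": "a123456789 ", "year": 2012, "provider": "orthopedist", "event": "hip prosthesis"},
    {"insurance_no": "A123456789", "year": 2015, "provider": "clinic, other state", "event": "follow-up"},
    {"insurance_no": "B987654321", "year": 2013, "provider": "orthopedist", "event": "hip prosthesis"},
]

class TrustedThirdParty:
    """Holds one secret key per medical field; the keys never leave this object."""

    def __init__(self, fields):
        # Assumption: the OS CSPRNG stands in for the true random number generator.
        self._keys = {field: secrets.token_bytes(32) for field in fields}

    def pseudonym(self, field, identifier):
        # Normalise first so spelling variants of one identifier map to one pseudonym.
        canonical = identifier.strip().upper().encode("utf-8")
        # Assumption: HMAC-SHA-256 as the keyed hash; the page only says "generic hash".
        return hmac.new(self._keys[field], canonical, hashlib.sha256).hexdigest()

    def transform(self, field, record):
        # Replace the identifier with the pseudonym; medical context is kept as-is.
        out = {k: v for k, v in record.items() if k != "insurance_no"}
        out["pseudonym"] = self.pseudonym(field, record["insurance_no"])
        return out

def anonymize(record):
    # Variable key per record: the same person gets a different token each time.
    out = {k: v for k, v in record.items() if k != "insurance_no"}
    out["token"] = secrets.token_hex(32)
    return out

def link(records, key):
    # Group records by pseudonym/token, as an evaluating center would.
    histories = defaultdict(list)
    for rec in records:
        histories[rec[key]].append((rec["year"], rec["event"]))
    return dict(histories)

if __name__ == "__main__":
    ttp = TrustedThirdParty(["hip_replacement", "cardiology"])
    pseudonymized = [ttp.transform("hip_replacement", r) for r in RECORDS]
    for pid, history in link(pseudonymized, "pseudonym").items():
        print(pid[:12], sorted(history))
```

Because the key differs per medical field, the same patient receives unrelated pseudonyms in two fields, so data sets from different fields cannot be joined by whoever receives them; only the key holder can reproduce a pseudonym.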

The establishment of independent trust centers is the best way to ensure the availability of useful information for analysis whilst ensuring compliance with legal and regulatory requirements. In the course of digitization, this solution pattern will become more important, especially but not only in the health care sector.
