Anonymization and Pseudonymization
The terms ‘anonymization’ and ‘pseudonymization’ are more often than not used wrongfully or in a mistakable context.
That is why a quick reference to the EU General Data Protection Regulation (EU-GDPR) and the Federal Data Protection Act (BDSG) is in order.
The more a system is trusted, the better the condition for compliance.
TU Berlin, FB Recht und Informatik (2006)
The anonymization of personal data, in particular when “special types of personal data” need to be administrated, would constitute optimal protection of the concerned patients/study participants.
In most clinical or medical daily routines, anonymization may not be applicable because follow-up examinations, data from follow-up studies, questionnaires or telemedical data have to remain traceable to the very same person over and over again. Only in this way, event history data on disease and therapy can be documented, illustrated and analysed in a practice-oriented manner. The attending physician assumes that he will be able to address the patient with their full name and not with a cryptic and meaningless patient number.
Admittedly, there is no pseudonymization procedure that provides the same degree of protection as anonymization. But there are processes which can attain a comparable level of security. If patient data has been pseudonymized at multiple instances, for example, we call that factual anonymization.
Such protection is attained through technical and organizational measures, associated standard operating procedures, and a level of system transparency, which give each interested physician or patient the opportunity to track and comprehend the employed procedure. Only if the technology is understood, trust can be built and an assessment undertaken as to whether one will be a party to residual risk or not. If the technology is understood, suggestions for improvement can be developed and implemented which make the system more secure and further reduce residual risk.
For many years, Serrala Cloud Solutions has been developing software in which pseudonymization or anonymization plays a decisive role.
We are aware of requirements presented by ethics commissions and data protection agencies, and we affirm the quality of our software through a validation of our systems in close cooperation with our customers. Our customers get to understand the software which they have commissioned because transparency creates trust and opens up pathways for steady improvement. That is the only way to ensure a sustainable prevention of (un)premeditated attacks on data worthy of protection.
This inspired the work entitled
Transparency and quality management play essential roles in the development of our Healthcare Software. Our ISO 9001 QM system, provision for ISO Norm 27001, and welcome audits performed by our customers produce unmistakable evidence to this effect.
For further questions we are always prepared to support you with detailed information.