Recognition and Pseudonymization of Personal Data in Paper-Based Health Records

  • Stefan Fenz
  • Johannes Heurix
  • Thomas Neubauer
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 117)


E-health requires the sharing of patient-related data when and where necessary. Electronic health records (EHR) allow the structured and expandable collection of medical data needed for clinical research studies and thereby not only enable the optimization of clinical studies, but also results in higher statistical significance due to a larger number of samples. While the digitization of medical data and the organization of this data within EHRs have been introduced in some areas, massive amounts of paper-based health records are still produced on a daily basis. This data has to be stored for decades due to legal reasons but is of no benefit for research organizations, as the unstructured medical data in paper-based health records cannot be efficiently used for clinical studies. Furthermore, legal regulations prohibit the use of documents containing both personal and medical data for clinical studies, which leads to expensive data acquisition phases and limited samples. This paper presents the MEDSEC system for the recognition and pseudonymization of personal data in paper-based health records. MEDSEC integrates unique methods for (i) automatically identifying personal and medical data, (ii) automatically annotating the optical character recognition (OCR) output data of paper-based health records with standard-compliant metadata, and (iii) automatically pseudonymizing the personal data. With MEDSEC, health care organizations profit by (i) strengthening clinical research resulting in faster and more reliable results and reduced costs, and (ii) providing an environment of trust for its patients and employees that guarantees privacy.


EHR privacy annotation HL7 CDA pseudonymization transformation OCR 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ernst, F.R., Grizzle, A.J.: Drug-related morbidity and mortality: Updating the cost-of-illness model. Journal of the American Pharmacists Association 41(2), 192–199 (2001)Google Scholar
  2. 2.
    Pope, J.: Implementing EHRs requires a shift in thinking. PHRs–the building blocks of EHRs–may be the quickest path to the fulfillment of disease management. Health Management Technology 27(6), 24 (2006)Google Scholar
  3. 3.
    Maerkle, S., Koechy, K., Tschirley, R., Lemke, H.U.: The PREPaRe system – Patient Oriented Access to the Personal Electronic Medical Record. In: Proceedings of Computer Assisted Radiology and Surgery, Netherlands, pp. 849–854 (2001)Google Scholar
  4. 4.
    Masi, J.D., Hansen, R., Grabowski, H.: The price of innovation: New estimates of drug development costs. Journal of Health Economics 22, 151–185 (2003)CrossRefGoogle Scholar
  5. 5.
    2000, C.I.: R&D Briefing: Benchmarking for Efficient Drug Development (2000)Google Scholar
  6. 6.
    Anton, A.I., Earp, J.B., Reese, A.: Analyzing website privacy requirements using a privacy goal taxonomy. In: Proceedings of the IEEE Joint International Conference on Requirements Engineering, pp. 23–31 (2002)Google Scholar
  7. 7.
    Squicciarini, A., Bertino, E., Ferrari, E., Ray, I.: Achieving privacy in trust negotiations with an ontology-based approach. IEEE Transactions on Dependable and Secure Computing 3(1), 13–30 (2006)CrossRefGoogle Scholar
  8. 8.
    W3C: Platform for Privacy Preferences (P3P) Project (October 2007),
  9. 9.
    Pfitzmann, A., Koehntopp, M.: Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management – A Consolidated Proposal for Terminology. LNCS. Springer, Heidelberg (2005) Google Scholar
  10. 10.
    Taipale, K.A.: Technology, Security and Privacy: The Fear of Frankenstein, the Mythology of Privacy and the Lessons of King Ludd. International Journal of Communications Law & Policy 9 (2004)Google Scholar
  11. 11.
    Peterson, R.L.: Patent: Encryption system for allowing immediate universal access to medical records while maintaining complete patient control over privacy. US Patent US 2003/0074564 A1 (2003)Google Scholar
  12. 12.
    Thielscher, C., Gottfried, M., Umbreit, S., Boegner, F., Haack, J., Schroeders, N.: Patent: Data processing system for patient data. Int. Patent, WO 03/034294 A2 (2005)Google Scholar
  13. 13.
    de Moor, G.J., Claerhout, B., de Meyer, F.: Privacy enhancing technologies: the key to secure communication and management of clinical and genomic data. Methods of Information in Medicine 42, 148–153 (2003)Google Scholar
  14. 14.
    Gulcher, J.R., Kristjánsson, K., Gudbjartsson, H., Stefánsson, K.: Protection of privacy by third-party encryption in genetic research. European Journal of Human Genetics 8(10), 739–742 (2000)CrossRefGoogle Scholar
  15. 15.
    Pommerening, K.: Medical Requirements for Data Protection. In: Proceedings of IFIP Congress, vol. 2, pp. 533–540 (1994)Google Scholar
  16. 16.
    Pommerening, K., Reng, M.: Secondary use of the Electronic Health Record via Pseudonymisation. In: Medical and Care Compunetics 1, pp. 441–446. IOS Press (2004)Google Scholar
  17. 17.
    Dolin, R.H., Alschuler, L., Beebe, C.: The hl7 clinical document architecture. J. Am. Med. Inform. Assoc. 8(6), 552–569 (2001)CrossRefGoogle Scholar
  18. 18.
    Fischer-Huebner, S.: IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms. Springer (2001)Google Scholar
  19. 19.
    European Union: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities L 281, 31–50 (1995)Google Scholar
  20. 20.
    Hinde, S.: Privacy legislation: a comparison of the US and European approaches. Computers and Security 22(5), 378–387 (2003)CrossRefGoogle Scholar
  21. 21.
    Hornung, G., Goetz, C.F.J., Goldschmidt, A.J.W.: Die künftige Telematik-Rahmenarchitektur im Gesundheitswesen. Wirtschaftsinformatik 47, 171–179 (2005)Google Scholar
  22. 22.
    U.S. Department of Health & Human Services Office for Civil Rights: Summary of the HIPAA Privacy Rule (2003)Google Scholar
  23. 23.
    U.S. Congress: Health Insurance Portability and Accountability Act of 1996. 104th Congress (1996)Google Scholar
  24. 24.
    Schabetsberger, T., Ammenwerth, E., Göbel, G., Lechleitner, G., Penz, R., Vogl, R., Wozak, F.: What are functional requirements of future shared electronic health records? Connecting Medical Informatics and Bio-Informatics, 1070–1075 (2005)Google Scholar
  25. 25.
    Riedl, B., Neubauer, T., Goluch, G., Boehm, O., Reinauer, G., Krumboeck, A.: A secure architecture for the pseudonymization of medical data. In: Proceedings of the Second International Conference on Availability, Reliability and Security, pp. 318–324 (2007)Google Scholar
  26. 26.
    United States Department of Health & Human Service: HIPAA Administrative Simplification: Enforcement; Final Rule. Federal Register / Rules and Regulations 71(32) (2006)Google Scholar
  27. 27.
    Council of Europe: European Convention on Human Rights. Martinus Nijhoff Publishers (1987)Google Scholar
  28. 28.
    Maris, K.: The Human Factor. In: Proceedings of, Luxembourg (2005)Google Scholar
  29. 29.
    Thornburgh, T.: Social engineering: the “Dark Art”. In: Proceedings of the First Annual ACM Conference on Information Security Curriculum Development, pp. 133–135. ACM Press (2004)Google Scholar
  30. 30.
    Schmidt, V., Striebel, W., Prihoda, H., Becker, M., Lijzer, G.D.: Patent: Verfahren zum Be-oder Verarbeiten von Daten. German Patent, DE 199 25 910 A1 (2001)Google Scholar
  31. 31.
    Fraunhofer Institut: Spezifikation der Lösungsarchitektur zur Umsetzung der Anwendungen der elektronischen Gesundheitskarte (2005)Google Scholar
  32. 32.
    Caumanns, J.: Der Patient bleibt Herr seiner Daten. Informatik-Spektrum, 321–331 (2006)Google Scholar
  33. 33.
    Heurix, J., Karlinger, M., Neubauer, T.: Pseudonymization with metadata encryption for privacy-preserving searchable documents. In: Proceedings of the 45th Hawaii International Conference on System Sciences, HICSS 45 (2012)Google Scholar
  34. 34.
    Heurix, J., Karlinger, M., Schrefl, M., Neubauer, T.: A Hybrid Approach integrating Encryption and Pseudonymization for Protecting Electronic Health Records. In: Proceedings of the Eighth IASTED International Conference on Biomedical Engineering, p. 117 (2011)Google Scholar
  35. 35.
    Heurix, J., Neubauer, T.: Privacy-Preserving Storage and Access of Medical Data through Pseudonymization and Encryption. In: Furnell, S., Lambrinoudakis, C., Pernul, G. (eds.) TrustBus 2011. LNCS, vol. 6863, pp. 186–197. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  36. 36.
    Neubauer, T., Heurix, J.: A methodology for the pseudonymization of medical data. International Journal of Medical Informatics 80(3), 190–204 (2011)CrossRefGoogle Scholar
  37. 37.
    Neubauer, T., Kolb, M.: An Evaluation of Technologies for the Pseudonymization of Medical Data. In: Lee, R., Hu, G., Miao, H. (eds.) Computer and Information Science 2009. SCI, vol. 208, pp. 47–60. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  38. 38.
    Neubauer, T., Riedl, B.: Improving patients privacy with pseudonymization. In: Proceedings of the International Congress of the European Federation for Medical Informatics (2008)Google Scholar
  39. 39.
    Riedl, B., Grascher, V., Fenz, S., Neubauer, T.: Pseudonymization for improving the privacy in e-health applications. In: Proceedings of the Forty-First Hawai’i International Conference on System Sciences (2008)Google Scholar
  40. 40.
    Riedl, B., Grascher, V., Neubauer, T.: A secure e-health architecture based on the appliance of pseudonymization. Journal of Software (2008)Google Scholar
  41. 41.
    Hendry, M.: Smart Card Security and Applications, 2nd edn. Artech House, Inc., Norwood (2001)Google Scholar
  42. 42.
    Waegemann, C.: Status report 2002: Electronic health records. Medical Records Institute, Boston (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Stefan Fenz
    • 1
  • Johannes Heurix
    • 2
  • Thomas Neubauer
    • 1
  1. 1.Vienna University of TechnologyViennaAustria
  2. 2.SBA ResearchViennaAustria

Personalised recommendations