Pseudonyms for Cancer Registries

AbstractIn order to conform to the rigid German legislation on data privacy and security we developed a new concept of data flow and data storage for population-based cancer registries. A special trusted office generates a pseudonym for each case by a cryptographic procedure. This office also handles the notification of cases and communicates with the reporting physicians. It passes pseudonymous records to the registration office for permanent storage. The registration office links the records according to the pseudonyms. Starting from a requirements analysis we show how to construct the pseudonyms; we then show that they meet the requirements. We discuss how the pseudonyms have to be prote…