The Pseudonym Broker Privacy Pattern in Medical Data Collection

This paper presents a privacy pattern for the collection of personal data from various sources and combining these into a single database, whilst protecting the privacy of the data subjects involved by using pseudonyms that prevent the joining of data. The data subject´s identity, the identity of the data source, and the time frame over which the data are collected are all part of a pseudonym generation scheme. The pseudonyms are reversible by a trusted third party, thus still allowing queries over the collected data, but only with the knowledge and assistance of this party. The pattern has been developed for and implemented in a Dutch healthcare innovation project.