{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T23:26:51Z","timestamp":1773358011867,"version":"3.50.1"},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2019,9,4]],"date-time":"2019-09-04T00:00:00Z","timestamp":1567555200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"},{"start":{"date-parts":[[2019,9,4]],"date-time":"2019-09-04T00:00:00Z","timestamp":1567555200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["BMC Med Inform Decis Mak"],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1186\/s12911-019-0905-x","type":"journal-article","created":{"date-parts":[[2019,9,4]],"date-time":"2019-09-04T12:03:48Z","timestamp":1567598628000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":28,"title":["Pseudonymization for research data collection: is the juice worth the squeeze?"],"prefix":"10.1186","volume":"19","author":[{"given":"Florian","family":"Kohlmayer","sequence":"first","affiliation":[]},{"given":"Ronald","family":"Lautenschl\u00e4ger","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3172-3095","authenticated-orcid":false,"given":"Fabian","family":"Prasser","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,9,4]]},"reference":[{"issue":"4","key":"905_CR1","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1504\/IJIEM.2010.03562","volume":"6","author":"A Appari","year":"2010","unstructured":"Appari A, Johnson ME. Information security and privacy in healthcare: current state of research. Int J Internet Enterp Manag. 2010;6(4):279\u2013314. \n                    https:\/\/doi.org\/10.1504\/IJIEM.2010.03562\n                    \n                  .","journal-title":"Int J Internet Enterp Manag"},{"key":"905_CR2","doi-asserted-by":"publisher","first-page":"1471","DOI":"10.1001\/jama.2015.2252","volume":"313","author":"V Liu","year":"2015","unstructured":"Liu V, Musen MA, Chou T. Data breaches of protected health information in the United States. Jama. 2015;313:1471\u20133.","journal-title":"Jama."},{"issue":"3","key":"905_CR3","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1016\/j.clsr.2012.03.005","volume":"28","author":"D Hallinan","year":"2012","unstructured":"Hallinan D, Friedewald M, McCarthy P. Citizens\u2019 perceptions of data protection and privacy in europe. Comp Law Sec Rev. 2012;28(3):263\u201372.","journal-title":"Comp Law Sec Rev"},{"key":"905_CR4","first-page":"31","volume":"281","author":"European Parliament and Council of the European Union","year":"1995","unstructured":"European Parliament and Council of the European Union. European parliament and council directive 95\/46\/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Union L. 1995;281:31\u201350.","journal-title":"Official Journal of the European Union L"},{"key":"905_CR5","first-page":"1","volume":"119","author":"European Parliament and Council of the European Union","year":"2016","unstructured":"European Parliament and Council of the European Union. Regulation (EU) 2016\/679 European Parliament and council directive 95\/46\/EC of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Union L. 2016;119:1.","journal-title":"Official Journal of the European Union L"},{"key":"905_CR6","volume-title":"15 march 2006","author":"Council of Europe","year":"2006","unstructured":"Council of Europe. Recommendation rec 2006\/4 of the Committee of Ministers to member states on research on biological materials of human origin, 958th meeting. In: 15 march 2006; 2006."},{"key":"905_CR7","unstructured":"U.S. Department of Health and Human Services Office for Civil Rights. HIPAA Administrative Simplification Regulation, 45 CFR Parts 160, 162, and 164. 2013;"},{"key":"905_CR8","unstructured":"OECD (2008) Guidelines for human biobanks and genetic research databases. \n                    http:\/\/www.oecd.org\/science\/biotech\/guidelinesforhumanbiobanksandgeneticresearchdatabaseshbgrds.htm\n                    \n                  . Accessed 10 Oct 2017."},{"key":"905_CR9","unstructured":"German Federal Data Protection Act. In the version promulgated on 14 January 2003 (Federal law Gazette I, p 66 amended by article 1 of the act of 14 august 2009): Federal Law Gazette I; 2009. p. 2814."},{"key":"905_CR10","first-page":"1","volume":"196","author":"Republic of Italy","year":"2003","unstructured":"Republic of Italy. Personal data protection code. Legislative decree. 2003;196:1\u2013186.","journal-title":"Legislative decree"},{"key":"905_CR11","unstructured":"The Caldicott Committee. Report on the Review of Information Report on the Review of Patient-Identifiable Information. London NHS Exec 1997;"},{"key":"905_CR12","unstructured":"Pommerening K, Drepper J, Helbing K, Ganslandt T (2014) Leitfaden zum Datenschutz in medizinischen Forschungsprojekten. 1st edn. Berlin: MWV. ISBN-10: 3954661233."},{"key":"905_CR13","volume-title":"Health informatics - pseudonymization","author":"International Organization for Standardization (ISO)","year":"2008","unstructured":"International Organization for Standardization (ISO) (2008) Health informatics - pseudonymization. ISO\/TS 25237:2008(E)."},{"key":"905_CR14","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1016\/j.ijmedinf.2010.10.016","volume":"80","author":"T Neubauer","year":"2011","unstructured":"Neubauer T, Heurix J. A methodology for the pseudonymization of medical data. Int J Med Inform. 2011;80:190\u2013204.","journal-title":"Int J Med Inform"},{"issue":"2","key":"905_CR15","doi-asserted-by":"publisher","first-page":"23","DOI":"10.4304\/jsw.3.2.23-32","volume":"3","author":"B Riedl","year":"2008","unstructured":"Riedl B, Grascher V, Neubauer T. A secure e-health architecture based on the appliance of pseudonymization. J Software. 2008;3(2):23\u201332. \n                    https:\/\/doi.org\/10.4304\/jsw.3.2.23-32\n                    \n                  .","journal-title":"J Software"},{"key":"905_CR16","unstructured":"Caldicott F. Information: to share or not to share? The information governance review: The National Data Guardian; 2013. p. 139."},{"issue":"3","key":"905_CR17","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1136\/jamia.2009.002725","volume":"17","author":"G Loukides","year":"2010","unstructured":"Loukides G, Denny JC, Malin B. The disclosure of diagnosis codes can breach research participants\u2019 privacy. J Am Med Inform Assoc. 2010;17(3):322\u20137. \n                    https:\/\/doi.org\/10.1136\/jamia.2009.002725\n                    \n                  .","journal-title":"J Am Med Inform Assoc"},{"key":"905_CR18","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1109\/SP.2008.33","volume-title":"2008 IEEE symposium on security and privacy (sp 2008)","author":"A Narayanan","year":"2008","unstructured":"Narayanan A, Shmatikov V. Robust de-anonymization of large sparse datasets. In: 2008 IEEE symposium on security and privacy (sp 2008); 2008. p. 111\u201325. \n                    https:\/\/doi.org\/10.1109\/SP.2008.33\n                    \n                  ."},{"key":"905_CR19","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1016\/j.jbi.2014.02.003","volume":"52","author":"I Danciu","year":"2014","unstructured":"Danciu I, Cowan JD, Basford M, Wang X, Saip A, et al. Secondary use of clinical data: the Vanderbilt approach. J Biomed Inform. 2014;52:28\u201335. \n                    https:\/\/doi.org\/10.1016\/j.jbi.2014.02.003\n                    \n                  .","journal-title":"J Biomed Inform"},{"key":"905_CR20","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1186\/s12911-015-0222-y","volume":"15","author":"R Lautenschl\u00e4ger","year":"2015","unstructured":"Lautenschl\u00e4ger R, Kohlmayer F, Prasser F, Kuhn KA. A generic solution for web-based management of pseudonymized data. BMC Med Inform Decis Mak [Internet] BMC Medical Informatics and Decision Making. 2015;15:100.","journal-title":"BMC Med Inform Decis Mak [Internet] BMC Medical Informatics and Decision Making"},{"key":"905_CR21","doi-asserted-by":"publisher","first-page":"739","DOI":"10.1038\/sj.ejhg.5200530","volume":"8","author":"JR Gulcher","year":"2000","unstructured":"Gulcher JR, Kristj\u00e1nsson K, Gudbjartsson H, Stef\u00e1nsson K. Protection of privacy by third-party encryption in genetic research in Iceland. Eur J Hum Genet. 2000;8:739\u201342.","journal-title":"Eur J Hum Genet"},{"key":"905_CR22","doi-asserted-by":"publisher","first-page":"1334","DOI":"10.3233\/978-1-60750-588-4-1334","volume":"160","author":"A Dangl","year":"2010","unstructured":"Dangl A, Demiroglu SY, Gaedcke J, Helbing K, Jo P, Rakebrandt F, et al. The IT-infrastructure of a biobank for an academic medical center. Stud Health Technol Inform. 2010;160(Pt 2:1334\u20138. \n                    https:\/\/doi.org\/10.3233\/978-1-60750-588-4-1334\n                    \n                  .","journal-title":"Stud Health Technol Inform"},{"key":"905_CR23","doi-asserted-by":"publisher","first-page":"730","DOI":"10.3233\/978-1-60750-044-5-730","volume":"150","author":"M Spitzer","year":"2009","unstructured":"Spitzer M, Ullrich T, Ueckert F. Securing a web-based teleradiology platform according to German law and \u201cbest practices\u201d. Stud Health Technol Inform. 2009;150:730\u20134. \n                    https:\/\/doi.org\/10.3233\/978-1-60750-044-5-730\n                    \n                  .","journal-title":"Stud Health Technol Inform"},{"key":"905_CR24","first-page":"1","volume":"2012","author":"T Majchrzak","year":"2012","unstructured":"Majchrzak T, Schmitt O. Improving epidemiology research with patient registries based on advanced web technology. Proc Int Conf Info Sys Crisis Response Management. 2012;2012:1\u20135.","journal-title":"Proc Int Conf Info Sys Crisis Response Management"},{"key":"905_CR25","doi-asserted-by":"crossref","unstructured":"Geer DE. Complexity is the enemy. IEEE Security & Privacy. 2008;6(6):88\u20138.","DOI":"10.1109\/MSP.2008.139"},{"key":"905_CR26","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/35.312842","volume":"32","author":"R Sandhu","year":"1994","unstructured":"Sandhu R, Samarati P. Access control: principle and practice. IEEE Commun Mag. 1994;32:40\u20138.","journal-title":"IEEE Commun Mag"},{"key":"905_CR27","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1136\/jamia.1996.96236282","volume":"3","author":"RC Barrows","year":"1996","unstructured":"Barrows RC, Clayton PD. Privacy, confidentiality, and electronic medical records. J Am Med Inform Assoc. 1996;3:139\u201348.","journal-title":"J Am Med Inform Assoc"},{"key":"905_CR28","unstructured":"ISO\/IEC 27000:2009. Information technology - security techniques - information security management systems - overview and vocabulary. ISO \/ IEC. 2009;2009."},{"key":"905_CR29","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1159\/000336663","volume":"15","author":"J Eder","year":"2012","unstructured":"Eder J, Gottweis H, Zatloukal K. IT solutions for privacy protection in biobanking. Public Health Genomics. 2012;15:254\u201362. \n                    https:\/\/doi.org\/10.1159\/000336663\n                    \n                  .","journal-title":"Public Health Genomics"},{"issue":"1","key":"905_CR30","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1186\/1472-6947-13-75","volume":"13","author":"H Aamot","year":"2013","unstructured":"Aamot H, Kohl CD, Richter D, Knaup-Gregori P. Pseudonymization of patient identifiers for translational research. BMC Med Inform Decis Mak. 2013;13(1):75. \n                    https:\/\/doi.org\/10.1186\/1472-6947-13-75\n                    \n                  .","journal-title":"BMC Med Inform Decis Mak"},{"key":"905_CR31","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1517\/phgs.4.2.209.22627","volume":"4","author":"H Hakonarson","year":"2003","unstructured":"Hakonarson H, Gulcher JR, Stefansson K. deCODE genetics, Inc. Pharmacogenomics. 2003;4:209\u201315.","journal-title":"Pharmacogenomics"},{"key":"905_CR32","unstructured":"Pommerening K, Schr\u00f6der M. Pseudonymization service and data custodians in medical research networks and biobanks. GI Jahrestagung. 2006;2006:715\u201321."},{"issue":"5","key":"905_CR33","doi-asserted-by":"publisher","first-page":"611","DOI":"10.1002\/mds.21331","volume":"22","author":"K Eggert","year":"2007","unstructured":"Eggert K, W\u00fcllner U, Antony G, Gasser T, Janetzky B, Klein C, et al. Data protection in biomaterial banks for parkinson\u2019s disease research: the model of GEPARD (gene bank parkinson\u2019s disease Germany). Mov Disord. 2007;22(5):611\u20138. \n                    https:\/\/doi.org\/10.1002\/mds.21331\n                    \n                  .","journal-title":"Mov Disord"},{"key":"905_CR34","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1016\/j.cmpb.2008.02.002","volume":"91","author":"A Angelow","year":"2008","unstructured":"Angelow A, Schmidt M, Weitmann K, Schwedler S, Vogt H, Havemann C, et al. Methods and implementation of a central biosample and data management in a three-Centre clinical study. Comput Methods Prog Biomed. 2008;91:82\u201390. \n                    https:\/\/doi.org\/10.1016\/j.cmpb.2008.02.002\n                    \n                  .","journal-title":"Comput Methods Prog Biomed"},{"key":"905_CR35","unstructured":"Benzschawel S, Da SM. Protecting patient privacy when sharing medical data. Telemedicine, Soc Med. 2011; 108-113-1-61208-119\u20139."},{"issue":"12","key":"905_CR36","doi-asserted-by":"publisher","first-page":"1180","DOI":"10.1038\/mp.2012.11","volume":"17","author":"SY Demiroglu","year":"2012","unstructured":"Demiroglu SY, Skrowny D, Quade M, Schwanke J, Budde M, Gullatz V, et al. Managing sensitive phenotypic data and biomaterial in large-scale collaborative psychiatric genetic research projects: practical considerations. Mol Psych. 2012;17(12):1180\u20135.","journal-title":"Mol Psych"},{"key":"905_CR37","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/s00766-010-0115-7","volume":"16","author":"M Deng","year":"2011","unstructured":"Deng M, Wuyts K, Scandariato R, Preneel B, Joosen W. A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir Eng Springer London. 2011;16:3\u201332.","journal-title":"Requir Eng Springer London"},{"key":"905_CR38","doi-asserted-by":"crossref","unstructured":"Motro A, Parisi-Presicce F. Blind custodians: a database service architecture that supports privacy without encryption. Data Appl Secur XIX. 2005:338\u201352.","DOI":"10.1007\/11535706_25"},{"key":"905_CR39","unstructured":"Hernan S, Lambert S, Ostwald T, Shostack A. Threat modeling-uncover security design flaws using the stride approach. MSDN Magazine-Louisville. 2006:68\u201375."},{"key":"905_CR40","unstructured":"ISO\/IEC 27001. Information technology \u2013 security techniques \u2013 information security management systems \u2013 requirements. ISO \/ IEC. 2017:2017."},{"key":"905_CR41","doi-asserted-by":"crossref","unstructured":"Ciriani V, Di VSDC, Foresti S, Jajodia S, Paraboschi S, Samarati P. Fragmentation Design for Efficient Query Execution over sensitive distributed databases. 2009 29th IEEE Int. Conf Distrib Comput Syst IEEE Computer Society. 2009:32\u20139.","DOI":"10.1109\/ICDCS.2009.52"},{"key":"905_CR42","doi-asserted-by":"crossref","unstructured":"Kantarc\u0131o\u01e7lu M, Clifton C. Security issues in querying encrypted data. Data Appl. Secur. XIX [internet]: Springer-Verlag; 2005. p. 325\u201337.","DOI":"10.1007\/11535706_24"},{"key":"905_CR43","doi-asserted-by":"crossref","unstructured":"Damiani E, Vimercati SDC, Jajodia S, Paraboschi S, Samarati P. Balancing confidentiality and efficiency in untrusted relational DBMSs. Proc. 10th ACM Conf. Comput. Commun. Secur. CCS 03 [Internet]. New York, New York, USA: ACM Press; 2003. p. 93\u2013102.","DOI":"10.1145\/948109.948124"},{"key":"905_CR44","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1145\/1053283.1053289","volume":"8","author":"A Ceselli","year":"2005","unstructured":"Ceselli A, Damiani E, Di VSDC, Jajodia S, Paraboschi S, Samarati P. Modeling and assessing inference exposure in encrypted databases. ACM Trans. Inf. Syst. Secur. 2005;8:119\u201352.","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"905_CR45","first-page":"44","volume":"6818 LNCS","author":"V Ciriani","year":"2011","unstructured":"Ciriani V, De Capitani Di Vimercati S, Foresti S, Livraga G, Samarati P. Enforcing confidentiality and data visibility constraints: An OBDD approach. Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics). 2011;6818 LNCS:44\u201359.","journal-title":"Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics)"},{"key":"905_CR46","doi-asserted-by":"crossref","unstructured":"Ciriani V, Di VS, Foresti S. Fragmentation and encryption to enforce privacy in data storage. ESORICS\u201907 proc. 12th Eur. Conf Res Comput Secur. 2007.","DOI":"10.1007\/978-3-540-74835-9_12"}],"container-title":["BMC Medical Informatics and Decision Making"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s12911-019-0905-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s12911-019-0905-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s12911-019-0905-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,2]],"date-time":"2020-09-02T23:10:09Z","timestamp":1599088209000},"score":1,"resource":{"primary":{"URL":"https:\/\/bmcmedinformdecismak.biomedcentral.com\/articles\/10.1186\/s12911-019-0905-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9,4]]},"references-count":46,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,12]]}},"alternative-id":["905"],"URL":"https:\/\/doi.org\/10.1186\/s12911-019-0905-x","relation":{},"ISSN":["1472-6947"],"issn-type":[{"value":"1472-6947","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,9,4]]},"assertion":[{"value":"1 March 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 August 2019","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 September 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Not applicable.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"The authors declare that they have no competing interests.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"178"}}