Layered Privacy Language Pseudonymization Extension for Health Care.

Enforcement of General Data Protection Regulation strengthens privacy in Europe and especially emphasizes protection of special categories of data as required in health care. Layered Privacy Language intends to model privacy policies to enforce them. Hereby, a special focus lays on the Policy-based De-identification process, which is based on anonymization and privacy models. Motivated by a health care scenario, this work shows pseudonymization capabilities are essential for health care. An overview of pseudonymization methods is given, showing a great variety of methods for different use cases. Therefore, a pseudonymization extension for Layered Privacy Language is introduced to define several pseudonymization methods. Furthermore, pseudonymization is added to Policy-based De-identification process of the overarching privacy framework of Layered Privacy Language. An example policy configuration is given demonstrating the introduced pseudonymization extension on the given health care example. The results are discussed, concluded, and future work is introduced.