. 2016 May 4;9:259. doi: 10.1186/s13104-016-2055-x

Dataflow: (Fig. 1)

Explanation of the terminology used:
Encryption: the process whereby an algorithm is used to reversibly transform data (in this context medical data) in order to conceal the real content from interceptors, so that data can be sent securely from sender to recipient. The algorithm requires one or several keys, depending on the type of encryption used (see further)
Symmetric encryption: a subtype of encryption where sender and recipient use the same key for encryption and decryption
Asymmetric encryption: generally considered a safer subtype of encryption where a key pair is used. The key pair belongs to the recipient, who shares one of its keys (i.e. the public key) with authorized senders. This public key is then used for data encryption. The recipient is the sole owner of the other key (i.e. the private key) and needs to keep the location of this key secured. The private key can be used to decrypt the encrypted message. The use of keys is interchangeable, and so the choice of public and private key is arbitrary
Encoding: similar to encryption, this process is used to (ir)reversibly transform data. The purpose is to conceal the content from the recipient (see further). This is achieved by first sending the personal data to a Trusted Third Party (TTP). For encoding, only one key is used and the TTP is the sole owner of this key. In the case of a reversible encoding process, the TTP can use the same key to decode the data
Pseudonymisation: if the same algorithm and key are used by the TTP to encode the same piece of data, the process will always yield the same result. In this context, pseudonymisation is used to encode personal data (the patient's social security number, the physician's identification number), yielding a unique identification cipher, or pseudonym, for these individuals. This way data can be linked to individuals while their privacy is protected by concealing their true identity.
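
The pseudonymisation step described above, as an added illustration that is not code from the paper. It assumes the TTP uses HMAC-SHA256 as an irreversible keyed encoding (the paper names no algorithm); the class, function and record field names are hypothetical and all identifiers are constructed.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class TrustedThirdParty:
    """Sole owner of the encoding key (assumed algorithm: HMAC-SHA256)."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # never leaves the TTP

    @staticmethod
    def _canonical(identifier):
        # The encoding is deterministic on the exact input, so formatting
        # differences between senders must be removed or linkage breaks.
        return "".join(ch for ch in identifier if ch.isalnum()).upper()

    def pseudonym(self, kind, identifier):
        # 'kind' keeps patient and physician numbers in separate spaces, so
        # equal digits in both registers never share a pseudonym.
        msg = f"{kind}:{self._canonical(identifier)}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


def link_records(ttp, records):
    """Replace identifiers with pseudonyms and group records per patient."""
    linked = defaultdict(list)
    for rec in records:
        out = {
            "patient": ttp.pseudonym("patient", rec["ssn"]),
            "physician": ttp.pseudonym("physician", rec["physician_id"]),
            "finding": rec["finding"],
        }
        linked[out["patient"]].append(out)
    return dict(linked)


# Constructed sample records from two senders; every identifier is made up.
SAMPLE = [
    {"ssn": "00.01.02-345.67", "physician_id": "1-00001-00-001", "finding": "A"},
    {"ssn": "00010234567", "physician_id": "1-00002-00-002", "finding": "B"},
    {"ssn": "00.09.08-765.43", "physician_id": "1-00001-00-001", "finding": "C"},
]

if __name__ == "__main__":
    for pseud, recs in link_records(TrustedThirdParty(), SAMPLE).items():
        print(pseud[:16], [r["finding"] for r in recs])
```

The first two sample records carry the same number in different formats and end up under one pseudonym; a TTP with a different key produces unrelated pseudonyms for the same input.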