Double encryption of anonymized electronic of anonymized electronic data interchange

GP or general practitioner plays an important role in the health care system. Most of the patients have only one GP, who acts like a gateway for the health care system and who is informed that the specialist and hospital colleagues about their treatments. Since the PC system needs many cases, we prefer electronic data. This preference became a requirement for several reason: the collection of data is much easier, the readability is a lot higher, and automatic selection becomes simpler. More important is the change of data during input. In order to transmit data from the GP to the central database of IPCI, they use the edifact standard for electronic messages. They developed the new carrier-message MEDEUR in order to be able to put as much coded and as much structured data in the EPR into the message. The randomized number is kept as a link to the patient in the GP system for two reasons. First since the GP sends the messages monthly it contains only the data added in that month and we must able to store the new data in the right patient record. Second, we want to allow the GP to go back to a patient based on the random number of our research database. Once the data is in the central database of IPCI, no one is allowed to have access, unless permission from the supervisory board is given. To keep the GP a sender of anonymized data also anonymous we have to solve two main problems. As soon as data are sent electronically the senders identification is automatically added to the message. To anonymize the sender, an automatic process of replacing this identification must be implemented.