A new concept to ensure data privacy and data security in cancer registries.

In order to conform to the rigid German legislation on data privacy and security, a new concept of data flow and data storage for population-based cancer registries has been developed. This paper describes the basic principles of this approach and presents results from a pilot study in Rheinland-Pfalz. The cancer registry consists of two offices. The first office handles the notification of cases and communicates with the reporting physicians. It performs encryption of identifying data and passes encrypted records to the second office for permanent storage. Record linkage is performed with the encrypted data in the second office. This paper describes in detail how different encryption techniques are used for different purposes in order to ensure optimal security and the usability of the data. Our record linkage study shows that it is possible to keep both synonym and homonym error rates below 1%--acceptable both for routine performance of a registry and for scientific analyses. The methods described are not restricted to cancer registration and may therefore serve as a model for comparable MI applications.