Privacy-Preserving Record Linkage

Routine care data are processed without individual consent under the German Health Care Utilisation Act, which serves as a GDPR opening clause for public-interest health research. Fields needed for approximate matching are encoded using Bloom filters to enable privacy-preserving record linkage. Direct identifiers in routine data are replaced with salted cryptographic hashes before linkage. The linked and deidentified research dataset is analysed exclusively inside the AKTIN Trusted Data Analytics Centre, a protected research environment. A consent-based approach would likely exclude patients with complex and resource-intensive pathways, biasing the dataset and weakening insight into coordination gaps affecting vulnerable groups.