Overview
entici ("/ɛn ti si/", pronounced like 'n'-'t'-'c') is a FHIR-based identity management software. Its main functionality is pseudonymization. The software generates pseudonyms for arbitrary identifiers and stores the mapping. Based on the FHIR standard, entici supports the processing of FHIR resources with one or more identifiers. In the case of a Patient resource, further identifying data such as name or gender can be stored. Besides pseudonymization, the software supports de-pseudonymization as well as generation of project-based pseudonyms.
entici has been developed since 2016 in the context of the MI-I consortium DIFUTURE to provide the technical basis for the newly established trustcenters. Within the DIFUTURE architecture, the role of the trustcenter is to reduce disclosure risks and to implement the regulatory requirement of data minimization by early pseudonymization. To this end, the trustcenter is an organizational and technical unit responsible for separately storing various types of information which are associated with a high risk of identifiability and which are not needed by the Data Integration Center (DIC) on a daily basis. The processes supported by the trustcenter all require the use of identifying information:
- The management of identifying data and corresponding identifiers for patients and probands from clinical and research systems, with the aim of uniquely reconciling data from different sources to the corresponding individuals.
- Pseudonymization or de-pseudonymization of data with the aim of implementing the legal requirement of data minimization and reducing privacy risks.
- Participation in the implementation of consent withdrawals, requests for data deletion or transfer and their procedural consequences.
In order to implement these processes, the DIFUTURE architecture closely follows the data protection guideline of the TMF - Technologies, Methods and Infrastructure for Networked Medical Research e.V. As is shown in the figure above, the guideline describes an identity management module which is typically located within the trustcenter and which comprises the components patient list and pseudonymization service. The patient list is responsible for mapping the identifying data (called IDAT in the TMF guideline) to a patient or proband identifier (called PID in the TMF guideline), which is a level-1 pseudonym, while the pseudonymization service associates each patient or proband identifier to a level-2 pseudonym (called PSN in the TMF guideline).
In the DIFUTURE architecture the trustcenter stores identifiers from the primary source systems and further identifying data. Identical identifiers are mapped to identical pseudonyms in the trustcenter (cf. Synthetic Derivative of the VUMC). Changes of identifiers and mergers, e.g. of patient identities, can be handled during the transfer of data to the DIC by annotating the source data with several identifiers of the same type (e.g. multiple identifiers per patient). In the trustcenter, they will then be mapped to a common pseudonym.
entici implements the two services foreseen by the TMF guideline (patient list and pseudonymization service) by using the same software component, albeit with different configurations. All relevant services accept FHIR Bundles containing arbitrary resources, such as patient or encounter.
To reflect the fact that our components are able to handle a multitude of different information in addition to the information represented by the patient resource, we use the term entity list instead of patient list. As above, a generic component called resource list can be configured to act as a service for managing identifying information (i.e. the entity list foreseen by the TMF) and as a service for managing pseudonyms (i.e. the pseudonymization service in the TMF guideline).
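The mapping behaviour described above (identical identifiers yield identical pseudonyms, several identifiers on one resource share a common pseudonym, and one generic component is configured once as entity list and once as pseudonymization service) is shown below as an added Python example; it is not entici's code or API. The class `ResourceList`, the function names, the `urn:example:*` systems, the in-memory storage and the rule that the oldest pseudonym survives a merge are all assumptions made for illustration.

```python
import secrets

class ResourceList:
    """Hypothetical in-memory stand-in for one configured resource list."""

    def __init__(self, prefix):
        self.prefix = prefix
        self.by_identifier = {}  # (system, value) -> pseudonym
        self.members = {}        # pseudonym -> set of (system, value), oldest first

    def pseudonymize(self, identifiers):
        keys = [(i["system"], i["value"]) for i in identifiers]
        hits = {self.by_identifier[k] for k in keys if k in self.by_identifier}
        known = [p for p in self.members if p in hits]  # dict keeps issue order
        psn = known[0] if known else f"{self.prefix}-{secrets.token_hex(8)}"
        merged = set(keys)
        for other in known[1:]:  # assumption: the oldest pseudonym survives a merge
            merged |= self.members.pop(other)
        self.members.setdefault(psn, set()).update(merged)
        for k in merged:
            self.by_identifier[k] = psn
        return psn

    def depseudonymize(self, pseudonym):
        return sorted(self.members.get(pseudonym, ()))

PID_SYSTEM = "urn:example:pid"  # placeholder identifier systems, not entici's
PSN_SYSTEM = "urn:example:psn"

def pseudonymize_bundle(bundle, entity_list, psn_service):
    """Replace each resource's identifiers and IDAT with a level-2 pseudonym."""
    out = []
    for entry in bundle["entry"]:
        res = entry["resource"]
        pid = entity_list.pseudonymize(res["identifier"])  # level 1: PID
        psn = psn_service.pseudonymize([{"system": PID_SYSTEM, "value": pid}])
        out.append({"resourceType": res["resourceType"],
                    "identifier": [{"system": PSN_SYSTEM, "value": psn}]})
    return out

def patient(*mrns):  # constructed sample Bundle, not real data
    return {"entry": [{"resource": {
        "resourceType": "Patient", "gender": "female", "name": [{"family": "Example"}],
        "identifier": [{"system": "urn:example:mrn", "value": m} for m in mrns]}}]}

# Same component, two configurations: entity list and pseudonymization service.
entity_list, psn_service = ResourceList("PID"), ResourceList("PSN")
first = pseudonymize_bundle(patient("A-100"), entity_list, psn_service)
merged = pseudonymize_bundle(patient("A-100", "B-200"), entity_list, psn_service)
later = pseudonymize_bundle(patient("B-200"), entity_list, psn_service)
other = pseudonymize_bundle(patient("C-300"), entity_list, psn_service)
```

All three bundles for the first patient come back with the same PSN and without name or gender. Propagating a merge of two already-issued level-1 pseudonyms to the second list is not covered here.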