Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Jan 27, 2025
Date Accepted: Aug 17, 2025
The Advanced Confidentiality Engine (ACE) - A Scalable Tool for the Pseudonymization of Biomedical Data in Translational Settings: Development and Usability Study
ABSTRACT
Background:
Pseudonymization refers to a process in which data that directly identify individuals, such as names and addresses, are stored separately from the data needed for scientific purposes. The connection between the two types of data is maintained through a protected link, represented by pseudonyms. This is a central data protection method in translational research, which enables researchers to collect, process, and share data while adhering to “data protection by design and by default” and data minimization best practices. However, integrating pseudonymization into high-throughput data processing workflows is challenging, and open-source solutions are rare.
Objective:
This paper introduces the Advanced Confidentiality Engine (ACE), a highly scalable open-source pseudonymization service focused on creating and managing the protected link between identifying and research data.
Methods:
ACE has been designed to have a lean architecture, consisting of a compact database schema that mimics the design of data warehouses. It is implemented using modern open-source software technologies and provides a Representational State Transfer (REST) Application Programming Interface (API). Amongst its features are a fine-grained access control mechanism, a domain-based structuring of pseudonyms with attribute inheritance and a comprehensive audit trail. We performed a structured evaluation to study ACE's scalability under various workload scenarios.
Results:
For generating protected links, ACE supports nine different pseudonymization algorithms, including approaches based on cryptographic primitives and on random number generation. Pseudonyms can be encoded using different alphabets, which can be combined with check digits. Pseudonyms can be annotated with metadata, such as validity periods, and those properties can be inherited through a hierarchical domain structure. Because ACE persists all generated pseudonyms and their links, it supports both pseudonymization and de-pseudonymization, with access to each operation controlled individually. Our experiments show that ACE is able to handle thousands of transactions per second in different workload settings. ACE combines the efficiency of cryptography-based pseudonymization methods with the flexibility of persistence-based approaches.
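The mechanisms listed above (a keyed cryptographic generator next to a random one, alphabet encoding with a check character, domains that inherit attributes, a persisted reverse link for de-pseudonymization, per-operation access control, and an audit trail) fit into a short sketch. The following is an added example and is not ACE's code or its database schema; the class and function names, the Crockford-style base-32 alphabet, the weighted-sum check character, HMAC-SHA-256 as the cryptographic primitive, and the role names are all illustrative assumptions.

```python
# Added example (not ACE's code): a pseudonymization service with a persisted
# protected link. Names, alphabet, checksum and generators are illustrative.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Crockford-style base-32 alphabet (no I, L, O, U) so pseudonyms survive transcription.
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
BASE = len(ALPHABET)


def check_char(body: str) -> str:
    """Odd position weights are invertible mod 32, so every single-character error
    is detected, as is every adjacent transposition unless the two characters
    are exactly 16 alphabet positions apart."""
    total = sum((2 * i + 1) * ALPHABET.index(c) for i, c in enumerate(body))
    return ALPHABET[total % BASE]


def encode(value: int, width: int) -> str:
    """Fixed-width ALPHABET encoding of a non-negative integer plus check character."""
    chars = []
    for _ in range(width):
        value, rem = divmod(value, BASE)
        chars.append(ALPHABET[rem])
    if value:
        raise ValueError("value does not fit in the requested width")
    body = "".join(reversed(chars))
    return body + check_char(body)


def verify(pseudonym: str) -> bool:
    """Cheap syntactic check, run before any database lookup."""
    if len(pseudonym) < 2 or any(c not in ALPHABET for c in pseudonym):
        return False
    return check_char(pseudonym[:-1]) == pseudonym[-1]


@dataclass
class Domain:
    name: str  # attributes left unset are inherited from the parent domain
    width: int = 8
    valid_until: Optional[str] = None  # ISO date such as "2030-12-31"
    parent: Optional["Domain"] = None

    def effective_valid_until(self) -> Optional[str]:
        d = self
        while d is not None and d.valid_until is None:
            d = d.parent
        return None if d is None else d.valid_until


class PseudonymService:
    def __init__(self, key: bytes):
        self._key = key      # secret for the keyed-hash generator
        self._forward = {}   # (domain, identifier) -> pseudonym
        self._reverse = {}   # (domain, pseudonym) -> identifier
        self._acl = {}       # (domain, operation) -> set of roles
        self.audit = []      # (operation, domain, role, pseudonym)

    def grant(self, domain: Domain, operation: str, role: str) -> None:
        self._acl.setdefault((domain.name, operation), set()).add(role)

    def can(self, domain: Domain, operation: str, role: str) -> bool:
        return role in self._acl.get((domain.name, operation), set())

    def _authorize(self, domain: Domain, operation: str, role: str) -> None:
        if not self.can(domain, operation, role):
            self.audit.append(("denied:" + operation, domain.name, role, None))
            raise PermissionError(f"{role!r} may not {operation} in {domain.name!r}")

    def _keyed_hash(self, domain: Domain, identifier: str) -> str:
        # Deterministic per (domain, identifier) and unrecoverable without the key.
        digest = hmac.new(self._key, f"{domain.name}\x00{identifier}".encode(), hashlib.sha256).digest()
        return encode(int.from_bytes(digest, "big") % BASE ** domain.width, domain.width)

    def _random(self, domain: Domain) -> str:
        # Unlinkable without the stored table; the loop absorbs the rare collision.
        while True:
            p = encode(secrets.randbelow(BASE ** domain.width), domain.width)
            if (domain.name, p) not in self._reverse:
                return p

    def pseudonymize(self, domain: Domain, identifier: str, role: str, method: str = "hmac") -> str:
        self._authorize(domain, "pseudonymize", role)
        key = (domain.name, identifier)
        if key not in self._forward:
            p = self._keyed_hash(domain, identifier) if method == "hmac" else self._random(domain)
            owner = self._reverse.get((domain.name, p))
            if owner is not None and owner != identifier:
                # Truncated-hash collision: refuse rather than silently merge two persons.
                raise RuntimeError(f"pseudonym collision in domain {domain.name!r}")
            self._forward[key] = p
            self._reverse[(domain.name, p)] = identifier
        self.audit.append(("pseudonymize", domain.name, role, self._forward[key]))
        return self._forward[key]

    def depseudonymize(self, domain: Domain, pseudonym: str, role: str) -> str:
        self._authorize(domain, "depseudonymize", role)
        if not verify(pseudonym):
            raise ValueError("malformed pseudonym (check character mismatch)")
        self.audit.append(("depseudonymize", domain.name, role, pseudonym))
        return self._reverse[(domain.name, pseudonym)]
```

Two design points are worth noting. The keyed-hash generator can recompute a pseudonym from the identifier alone, so the forward direction needs no table, but a pseudonym truncated to 8 base-32 characters (40 bits) can collide, which is why the sketch checks the reverse map and refuses rather than merging two persons; the random generator is unlinkable without the table and therefore depends entirely on the persisted link. Storing the link in both cases is what makes de-pseudonymization possible and lets it be granted to a different role (here `linkage`) than the one that creates pseudonyms (`ingest`), with both decisions and denials landing in the audit list.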
Conclusions:
ACE is a modern and highly scalable implementation of a pseudonymization service tailored towards the specific requirements in biomedical research. It is available as open-source software. As the space of openly available pseudonymization services is limited, we believe that ACE is valuable to institutions establishing or improving their translational data infrastructure.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on its website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a CC-BY license on publication, at this stage authors and publisher expressly prohibit redistribution of this draft paper other than for review purposes.