# The Advanced Confidentiality Engine as a Scalable Tool for the Pseudonymization of Biomedical Data in Translational Settings: Development and Usability Study

**Authors:** Armin Müller, Eric Wündisch, Felix Nikolaus Wirth, Sophie Meier zu Ummeln, Joachim Weber, Fabian Prasser

PMC · DOI: 10.2196/71822 · 2025-11-05

## TL;DR

The paper introduces ACE, a scalable open-source tool for pseudonymizing biomedical data, which helps protect privacy while enabling efficient data sharing in research.

## Contribution

The paper presents ACE, a novel open-source pseudonymization service with a lean architecture and high scalability for biomedical data processing.

## Key findings

- ACE can handle approximately 6000 transactions per second across various workload scenarios.
- ACE combines cryptographic pseudonymization with persistence-based flexibility through features like domain-based structuring and metadata annotation.

## Abstract

Pseudonymization refers to a process in which data that directly identify individuals, such as names and addresses, are stored separately from data needed for scientific purposes. The connection between both types of data is maintained through a protected link, represented by pseudonyms. This is a central data protection method in translational research, which enables researchers to collect, process, and share data while adhering to “data protection by design and by default” and data minimization best practices. However, integrating pseudonymization into high-throughput data processing workflows is challenging, and open-source solutions are rare. A typical example is the need to pseudonymize millions of electronic health records for secondary use in translational research platforms.

This paper introduces the Advanced Confidentiality Engine (ACE), a highly scalable open-source pseudonymization service focused on creating and managing the protected link between identifying and research data.

ACE has been designed to have a lean architecture, consisting of a compact database schema that mimics the design of data warehouses. It is implemented using modern open-source software technologies and provides a Representational State Transfer application programming interface. Among its features are a fine-grained access control mechanism, a domain-based structuring of pseudonyms with attribute inheritance, and a comprehensive audit trail. We performed a structured evaluation to study ACE’s scalability under various workload scenarios.

For generating protected links, ACE supports 9 different pseudonymization algorithms, including approaches based on cryptographic primitives and random number generation. Pseudonyms can be encoded using different alphabets that can be combined with check digits. Pseudonyms can be annotated with metadata, such as validity periods, and those properties can be inherited through a hierarchical domain structure. As all information is persisted by ACE, it supports pseudonymization and depseudonymization, for which access can be controlled individually. Our experiments show that ACE is able to handle around 6000 transactions per second in different workload settings. ACE combines the efficiency of cryptography-based pseudonymization methods with the flexibility of persistence-based approaches.

ACE is a modern and highly scalable implementation of a pseudonymization service tailored toward the specific requirements in biomedical research. It is available as open-source software. As the space of openly available pseudonymization services is limited, we believe that ACE is valuable to institutions establishing or improving their translational data infrastructure.

## Full-text entities

- **Genes:** AP2B1 (adaptor related protein complex 2 subunit beta 1) [NCBI Gene 163] {aka ADTB2, AP105B, AP2-BETA, CLAPB1}
- **Diseases:** OSS (MESH:D005597), gPAS (MESH:D004829), Rare Disease (MESH:D035583)
- **Chemicals:** lACE (-), salt (MESH:D012492)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Figures

8 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12631087/full.md

---
Source: https://tomesphere.com/paper/PMC12631087