Eskeland, SigurdOleshchuk, VladimirStormer, HenrikMeier, AndreasSchumacher, Michael2019-07-112019-07-112006978-3-88579-185-0https://dl.gi.de/handle/20.500.12116/24008Due to the sensitivity of personal medical information, this paper addresses the need of hiding patient identities - in contrast to only keeping their medical data confidential. Thus, it is desirable that personal and meaningful patient identity information like names, addresses, personal identity numbers, etc., are not to be linked to disclosed electronic patient records (EPR). To achieve this, we propose a scheme that enables patients to anonymously grant medical teams authorization to access their EPRs without revealing their identities to the teams providing medical care. An essential benefit is that it enables patients to exert control over their own medical data. A security evaluation is included.enText/Conference Paper1617-5468