In order to implement general data protection requirements and internationally recognised ethical requirements, research with personal health and social data demands a specific framework for the secure handling of confidential data. In the process of transferring data from the health service providers to the place where they are analysed, an important role is played by a so-called trust centre, responsible for pseudonymisation of personal and institutional identifiers. An undesirable concentration of data in the trust centre can be avoided by early separation of data in the data transfer institution: the trust centre receives only the identifier to be pseudonymised, while the health provision data are sent direct to the analysing institution, where they can be matched with the pseudonyms from the trust centre, with the help of a unique case number. The possibility of reidentification, which exists mainly in large (pseudonymised) data sets, can be reduced by use of an appropriate pseudonymisation process (e.g. insuree-based pseudonymisation by health service providers for sampling of insurees). The measures described here are suitable for protecting confidentiality and for further improving data security in the handling of confidential personal and institutional data.