Today, the healthcare sector is driven by the need to reduce costs while simultaneously increasing the service quality for patients. This goal can be reached by implementing electronic health records. Although several architectures have been proposed, these approaches lack appropriate security mechanisms to protect patients' privacy. This paper outlines our approach, called PIPE, which is applicable to both the primary and secondary usage of health data, and gives insights into the security of our technique. Furthermore, we state the economic constraints of using a threshold scheme to secure the tokens needed for accessing the system.