In spite of the importance of security in process models, the domain of BPM and BPMS which stand for "Business Process Management" and "Business Process Management System", provide only little support for securing sensitive data. Nevertheless, privacy and confidentiality in BPMS solutions is still missing. This is particularly required for e-health applications. In this paper, we address the problem of privacy requirements and discuss data encryption approaches for personal information of patients and doctors in the database of a BPMS solutions in Intelligent assistance system for a COVID-19 crisis unit (SMART2C).