|
Why De-identify?
NHS Organisations - In accordance with Confidentiality: NHS Code of Practice, NHS organisations are required to de-identify patient information for use in research, teaching, auditing, management activities and other secondary uses. The Pseudonymisation Implementation Project (PIP) required NHS organisations to set plans by 2 October 2009 for implementing pseudonymisation functionality by April 2011.
Research Organisations - Those seeking approval from the National Information Governance Board (NIGB) Ethics & Confidentiality Committee (ECC) for access to patient data under section 251 of the NHS Act 2006 may qualify for fast track approval if access is to enable de-identification (via pseudonymisation) of the data.
Commercial Organisations - When it comes to the privacy of personal data, commercial entities will always be held to a higher standard than the public sector. After severe breaches, civil servants are disciplined and some have even been dismissed but commercial entities have lost entire contracts.
For all entities, regardless of public or private sector, best practice use of de-identified data can minimise your organisation’s risk levels, improve access to data by fostering a sense of trust and ultimately justify the use of “opt-out” consent, rather than the suffocating “opt-in” default.
Sapior solutions provide clear evidence of applying best practices to significantly reduce privacy breach risks.
The Caldicott Guardian offers the following good description of pseudonymisation:
“...a technique used for removing patient identifiers from records. When consistently applied, pseudonymisation enables records to be linked over different data sets, different organisations and time, so that a population view of health care and associated activities can be developed from the de-personalised records, that is without identifying individuals.”
The main difference of pseudonymisation as compared to anonymisation is that it is possible for the data controller to re-identify individuals on a permission-basis using a key or index. Pseudonymisation also allows information about the same individual but from different sources to be linked in a way that true anonymisation does not.
De-identification (via pseudonymisation) is useful for:
Distinguishing vs identifying - when strong identifiers (NHS or National Insurance number) are being used to link an individual’s data and distinguish them from others, but there is no actual need to identify the individual
Re-identification - when there is a need to re-identify individuals for follow up activities
Extra sensitive data - an extra layer of privacy can be applied for particularly sensitive data such as mental or sexual health and children’s health data
Access without consent - Fast track ECC approval may be granted when accessing data for the purpose of pseudonymising prior to use
Preventing casual recognition - makes data self-evidently less readable thus preventing casual recognition of sensitive data copied from, for example, hospital administration systems |
