‘De-identification’ protects people’s data and enables safe linkage across data sources. This enriches analysis by providing a more complete picture of health and care data.
Health and care data are incredibly valuable for research and planning, but protecting people's privacy is just as important. De-identifying records means the data can be used safely and can only be linked where this has been authorised.
Whilst protecting identifiable data and controlling the linking of data sets, the central De-ID solution also enables improved linkage across data sources. This maximises the value of the data and enriches analysis by providing a more complete picture of health and care data.
protects privacy and ensures compliance with legislation
enables better data linkage without using identifiable information
safely provides useful data for better analysis.
How De-ID works
De-ID controls how personal data can be linked using identifiers such as NHS Number. It is a set of processes that creates a different pseudonym value each time data is made available through the Data Access Request Service (DARS).
Data can then be linked for an approved purpose using the pseudonym rather than a personal identifier such as NHS Number, which avoids the risk of directly identifying a person.
How De-ID protects data privacy
De-ID allows data to be processed using encrypted person identifiers. Even if source data is breached, it cannot be linked without access to the secure private key.
By creating two levels of encryption, data can be linked without using the original identifier. The data is encrypted before submission and not passed into or stored in the De-ID service.
Original identifiers are not shared with data users. To identify the original records, you would need access to all three of:
the shared data
the mapping of pseudonyms to encrypted identifiers (which is stored in a secure environment separate from the data)
the secure private key used to encrypt the original identifier
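The following is an added illustrative model of the two-level scheme described above; it is not NHS Digital's De-ID implementation. It assumes the submitter's keyed transform is an HMAC (standing in for whatever encryption the service uses), and the keys, release identifiers and NHS Numbers are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Level 1 (performed by the data submitter, before submission): a deterministic
# keyed transform of the NHS Number. Deterministic so that records about the
# same person match; the private key never reaches the De-ID service.
def encrypt_identifier(nhs_number: str, private_key: bytes) -> str:
    return hmac.new(private_key, nhs_number.encode(), hashlib.sha256).hexdigest()


class DeIdService:
    """Level 2: issues a fresh pseudonym per release for each encrypted id.
    self.mapping models the pseudonym-to-encrypted-id table that is stored
    separately from the released data."""
    def __init__(self) -> None:
        self.mapping: dict[tuple[str, str], str] = {}

    def pseudonym(self, release_id: str, encrypted_id: str) -> str:
        key = (release_id, encrypted_id)
        if key not in self.mapping:
            self.mapping[key] = secrets.token_hex(8)  # random, not derived
        return self.mapping[key]

    def release(self, release_id: str, rows: list[dict]) -> list[dict]:
        # Released rows carry only the release-specific pseudonym.
        return [{**{k: v for k, v in r.items() if k != "enc_id"},
                 "pseudo": self.pseudonym(release_id, r["enc_id"])} for r in rows]


def submit(rows: list[dict], private_key: bytes) -> list[dict]:
    # Submitter replaces NHS Number with its encrypted form before sending.
    return [{**{k: v for k, v in r.items() if k != "nhs"},
             "enc_id": encrypt_identifier(r["nhs"], private_key)} for r in rows]


def demo() -> dict:
    private_key = secrets.token_bytes(32)  # constructed; held by submitter only
    # Constructed records from two sources about the same person (nhs ...919).
    hospital = [{"nhs": "9434765919", "episode": "A1"}, {"nhs": "9434765870", "episode": "A2"}]
    gp = [{"nhs": "9434765919", "drug": "X"}]
    svc = DeIdService()
    hosp_r1 = svc.release("DARS-001", submit(hospital, private_key))
    gp_r1 = svc.release("DARS-001", submit(gp, private_key))
    hosp_r2 = svc.release("DARS-002", submit(hospital, private_key))
    return {
        "linkable_within_release": hosp_r1[0]["pseudo"] == gp_r1[0]["pseudo"],
        "distinct_across_releases": hosp_r1[0]["pseudo"] != hosp_r2[0]["pseudo"],
        "identifier_absent": all("nhs" not in r and "enc_id" not in r for r in hosp_r1 + gp_r1),
    }
```

Recovering an NHS Number from a released row requires the row, the service's mapping table and the submitter's private key together, which is the three-part separation the list above describes.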
The Data Access Environment (DAE) is the secure way for users to remotely access this better-linked information. It ensures that the right person, with the right permissions, gets the right data, in accordance with their Data Sharing Agreement (DSA).