De-ID

Health and care data are incredibly valuable for research and planning but protecting people’s privacy is just as important.  De-identifying records means we can use the data safely and data can only be linked where authorised.

Whilst protecting identifiable data and controlling the linking of data sets, the central De-ID solution also enables improved linkage across data sources. This maximises the value of the data and enriches analysis by providing a more complete picture of health and care data. 

De-ID:

• protects privacy and ensure compliance with legislation
• enables better data linkage without using identifiable information
• safely provides useful data for better analysis.

De-ID works by controlling how personal data can be linked by using identifiers such as NHS Number. De-ID is a set of processes that enables the creation of a different pseudonym value each time the data is made available through the Data Access Request Service (DARS).

It allows data to be linked for an approved purpose, by using the pseudonym rather than a personal identifier, such as NHS Number, therefore avoiding the risk of directly identifying a person.

De-ID allows data to be processed using encrypted person identifiers. Even if source data is breached, it cannot be linked without access to the secure private key.

By creating two levels of encryption, data can be linked without using the original identifier. The data is encrypted before submission and not passed into or stored in the De-ID service.

Original identifiers are not shared with data users. To identify the original records, you would need to access to:

• the shared data
• the mapping of pseudonyms to encrypted identifiers (which is stored in a secure environment separate from the data)
• the secure private key used to encrypt the original identifier