Skip to main content
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. More about the merger.


‘De-identification’ protects people’s data and enables safe linkage across data sources. This enriches analysis by providing a more complete picture of health and care data.

Health and care data are incredibly valuable for research and planning but protecting people’s privacy is just as important.  De-identifying records means we can use the data safely and data can only be linked where authorised.

Whilst protecting identifiable data and controlling the linking of data sets, the central De-ID solution also enables improved linkage across data sources. This maximises the value of the data and enriches analysis by providing a more complete picture of health and care data. 


  • protects privacy and ensure compliance with legislation
  • enables better data linkage without using identifiable information
  • safely provides useful data for better analysis.

How De-ID works

De-ID works by controlling how personal data can be linked by using identifiers such as NHS Number. De-ID is a set of processes that enables the creation of a different pseudonym value each time the data is made available through the Data Access Request Service (DARS).

It allows data to be linked for an approved purpose, by using the pseudonym rather than a personal identifier, such as NHS Number, therefore avoiding the risk of directly identifying a person.

How De-ID protects data privacy

De-ID allows data to be processed using encrypted person identifiers. Even if source data is breached, it cannot be linked without access to the secure private key.

By creating two levels of encryption, data can be linked without using the original identifier. The data is encrypted before submission and not passed into or stored in the De-ID service.

Original identifiers are not shared with data users. To identify the original records, you would need to access to:

  • the shared data
  • the mapping of pseudonyms to encrypted identifiers (which is stored in a secure environment separate from the data)
  • the secure private key used to encrypt the original identifier

Further information

internal Data Access Environment (DAE)

The Data Access Environment (DAE) is the secure way users can remotely access better linked information and ensures the right person, with the right permissions gets the right data, in accordance with their Data Sharing Agreement (DSA).

internal Master Person Service (MPS)

The Master Person Service (MPS) helps us increase the amount of usable, better-quality data available to support research and planning.


Last edited: 13 October 2020 3:58 pm