Lost in Anonymization — A Data Anonymization Reference Classification Merging Legal and Technical Considerations


In recent years, advances in technology have enabled research with health data derived from large volumes of electronic health records (EHR) and other health-related data sources to improve innovation and quality in medicine. This has also been accelerated through national and international efforts offering access to repositories containing an increasing amount of clinical knowledge and collaborative platforms harmonizing not only the algorithms used, but also ontologies enabling better interoperability. At the same time there is growing concern that the use of health data for publicly-funded research may lead to exposure of patients’ personal information, which potentially increases, among other things, risks for discrimination. Legislators have addressed this issue by implementing regulations to protect patient privacy, often focusing on data anonymization, i.e., the removal or masking of identifiable information. In this study we analyze, how the regulations in three jurisdictions (United States, European Union, Switzerland) distinguish between different levels of anonymization of health data, and assess whether and how these levels align with technical advancements.

The Journal of Law, Medicine & Ethics