De-Identification Handbook
2.0.0-comment - ballot International flag

De-Identification Handbook, published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 2.0.0-comment built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.DeIdHandbook/ and changes regularly. See the Directory of published versions

References

  1. ISO 25237. (2017). Health informatics — Pseudonymization (ISO 25237:2017; Number ISO 25237:2017). International Organization for Standardization. https://www.iso.org/standard/63553.html
  2. ISO/IEC 20889. (2018). Privacy enhancing data de-identification terminology and classification of techniques (Standard ISO/IEC 20889:2018(E); Number ISO/IEC 20889:2018(E)). International Organization for Standardization. https://www.iso.org/standard/69373.html
  3. GDPR. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council. European Parliament and Council of the European Union. https://data.europa.eu/eli/reg/2016/679/oj
  4. PIPL. (2021). Personal Information Protection Law of the People’s Republic of China. National People’s Congress of the People’s Republic of China (NPC). http://en.npc.gov.cn.cdurl.cn/2021-12/29/c_694559.htm
  5. NIST 800-188. (2023). De-identifying Government Datasets (Special Publication No. 800-188; Numbers 800-188). National Institute of Standards and Technology. https://doi.org/10.6028/nist.sp.800-188
  6. European Data Protection Board. (2025). Guidelines 01/2025 on Pseudonymisation. https://www.edpb.europa.eu/system/files/2025-01/edpb_guidelines_202501_pseudonymisation_en.pdf
  7. European Data Protection Board. (2025). Guidelines 01/2025 on the Anonymisation of Personal Data. https://www.edpb.europa.eu/system/files/2025-06/edpb_guidelines_202501_anonymisation_en.pdf
  8. Information Commissioner’s Office. (2025). Pseudonymisation. Information Commissioner’s Office. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-sharing/anonymisation/pseudonymisation/#pseudonymiseddatastillpersonal
  9. Office for Civil Rights. (2025). Methods for De-identification of PHI. HHS.gov. https://www.hhs.gov/hipaa/for-professionals/special-topics/de-identification/index.html#rationale
  10. Hintze, M. (2017). Viewing the GDPR through a de-identification lens: a tool for compliance, clarification, and consistency. International Data Privacy Law, 8(1), 86–101. https://doi.org/10.1093/IDPL/IPX020
  11. U.S. Congress. (1996). Health Insurance Portability and Accountability Act of 1996. Public Law 104-191. https://www.govinfo.gov/content/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf
  12. GB/T 42460. (2023). Information security technology - Guide for evaluating the effectiveness of personal information de-identification (Standard GB/T 42460—2023; Number GB/T 42460—2023). State Administration for Market Regulation Standardization Administration of China. https://www.iso.org/standard/69373.html
  13. University of Manchester. (2024). Anonymisation decision-making framework: European practitioners’ guide (2nd ed.). University of Manchester. https://ukanon.net/wp-content/uploads/2024/01/adf-2nd-edition-european-practitioners-guide-final-version-cover-2024-version-2.pdf
  14. National Electrical Manufacturers Association. (2025). DICOM Part 15, Annex E: Security and System Management Profiles — Attribute Confidentiality Profiles (PS3.15 Annex E; Number PS3.15 Annex E). National Electrical Manufacturers Association. https://dicom.nema.org/medical/dicom/current/output/chtml/part15/chapter_E.html
  15. ISO/IEC 27559. (2022). Information security, cybersecurity and privacy protection — Privacy enhancing data de-identification framework (ISO/IEC 27559:2022; Number ISO/IEC 27559:2022). International Organization for Standardization. https://www.iso.org/standard/71677.html
  16. ISO 27799. (2025). Health informatics — Information security management in health using ISO/IEC 27002. International Organization for Standardization. https://www.iso.org/standard/86754.html
  17. ISO/TS 22220. (2011). Health informatics — Identification of subjects of care (ISO/TS 22220:2011; Number ISO/TS 22220:2011). International Organization for Standardization. https://www.iso.org/standard/44439.html
  18. Article 29 Data Protection Working Party. (2014, April 10). Opinion 05/2014 on anonymisation techniques (WP216). European Commission. https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf
  19. HP. Efficient signature schemes supporting redaction, pseudonymization, and data deidentification. HP. HPL-2007-191
  20. Schneier, Bruce. Commentary on the Importance of a Systemic Approach to Security. Bruce Schneier. Essay-028
  21. UK Redaction Toolkit. A United Kingdom government document describing a toolkit for removing content prior publication for various legal reasons. REDACTION GUIDELINES FOR THE EDITING OF EXEMPT INFORMATION FROM PAPER AND ELECTRONIC DOCUMENTS PRIOR TO RELEASE
  22. DICOM. DICOM current publication
  23. DICOM Part 15 Annex E. Discusses clinical trials, double-blinding, traceability (relinking) to original content, preserving data needed for the trial. DICOM Part 15, Annex E current publication
  24. Moehrke. De-Identification is Highly Contextual. (2009) De-Identification is highly contextual
  25. HITSP. HITSP Biosurveillance Use Case Presentation. Lists summary of units of data exchange and values that should be pseudonymized. HITSP Biosurveillance Use Case presentation
  26. NIH Biosurveillance Test Case Scenarios. Presentation by David Dobbs on the Biosurveillance Use Case and Minimum Data Elements
  27. NHN Biosurveillance Test Scenarios. NHN Testing Work Group document *Biosurveillance Test Case Scenarios. 2008-10-03.xls* file, draft.
  28. Dresden Anonymity. A proposed vocabulary for pseudonymization and related concepts. Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management – A onsolidated Proposal for Terminology* (Version v0.31 Feb. 15, 2008)
  29. MIT Reidentification. Shows that a large percentage of people can be re-identified with Date-of-Birth, Current ZIP Code, and Sex. Reidentification of Individuals in Chicago's Homicide Database A Technical and Legal Study
  30. European Medicines Agency. (2025, May 14). External guidance on the implementation of the European Medicines Agency Policy 0070 on the publication of clinical data for medicinal products for human use (Version 1.5). https://www.ema.europa.eu/en/documents/regulatory-procedural-guideline/external-guidance-implementation-european-medicines-agency-policy-publication-clinical-data-medicinal-products-human-use-version-15_en.pdf
  31. Information and Privacy Commissioner of Ontario. (2025). De-identification Guidelines for Structured Data. https://www.ipc.on.ca/sites/default/files/legacy/2016/08/Deidentification-Guidelines-for-Structured-Data.pdf
  32. Branson, J., Good, N., Chen, JW. et al. (2020). Evaluating the re-identification risk of a clinical study report anonymized under EMA Policy 0070 and Health Canada Regulations. Trials 21, 200. https://doi.org/10.1186/s13063-020-4120-y
  33. Sweeney, L. (2002). k-anonymity: A model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-Based Systems, 10(05), 557-570. https://doi.org/10.1142/s0218488502001648
  34. Dwork, C., & Roth, A. (2014). The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science, 9(3-4), 211-407. https://doi.org/10.1561/0400000042
  35. El Emam, K. (2013). Guide to the de-identification of personal health information. Auerbach Publications. https://doi.org/10.1201/b14754
  36. Shahid, A., Bazargani, M. H., Banahan, P., Mac Namee, B., Kechadi, T., Treacy, C., Regan, G., & MacMahon, P. (2022). A Two-Stage De-Identification Process for Privacy-Preserving Medical Image Analysis. Healthcare (Basel, Switzerland), 10(5), 755. https://doi.org/10.3390/healthcare10050755
  37. Mayer, D. A., Teubert, D., Wetzel, S., & Meyer, U. (2011). Implementation and performance evaluation of privacy-preserving fair reconciliation protocols on ordered sets. In Proceedings of the First ACM Conference on Data and Application Security and Privacy (pp. 109–120). Association for Computing Machinery. https://doi.org/10.1145/1943513.1943529
  38. Domingo-Ferrer, J., & Mateo-Sanz, J. M. (2002). Practical data-oriented microaggregation for statistical disclosure control. IEEE Transactions on Knowledge and Data Engineering, 14(1), 189–201. https://doi.org/10.1109/69.979982
  39. Poulis, G., Loukides, G., Gkoulalas-Divanis, A., & Skiadopoulos, S. (2013). Anonymizing Data with Relational and Transaction Attributes. ECML/PKDD.
  40. Liu, K., & Terzi, E. (2008). Towards identity anonymization on graphs. Proceedings of the 2008 ACM SIGMOD international conference on Management of data.
  41. NIST. (2024). Guidelines for Evaluating Differential Privacy Guarantees (Special Publication No. 800-226). National Institute of Standards and Technology. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-226.pdf
  42. Future of Privacy Forum. (2020, April). A practical path toward genetic privacy. https://fpf.org/wp-content/uploads/2020/04/APracticalPathTowardGeneticPrivacy_April2020.pdf
  43. IHE International. (2025). IHE radiology technical framework, volume 1: Integration profiles (Rev. 23.0). https://www.ihe.net/uploadedFiles/Documents/Radiology/IHE_RAD_TF_Vol1.pdf
  44. O'Keefe, C., Otorepec, S., Elliot, M., Mackey, E., & O'Hara, K. (2017). The de-identification decision-making framework. CSIRO Data61. https://doi.org/10.4225/08/59c169433efd4
  45. Information and Privacy Commissioner of Ontario. (2025). De-identification guidelines for structured data. https://www.ipc.on.ca/sites/default/files/legacy/2016/08/Deidentification-Guidelines-for-Structured-Data.pdf
  46. Jiang, Y., Mosquera, L., Jiang, B., Kong, L., & El Emam, K. (2022). Measuring re-identification risk using a synthetic estimator to enable data sharing. PLOS ONE, 17(6), e0269097. https://doi.org/10.1371/journal.pone.0269097