Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2019 May 31;21(5):e13484.
doi: 10.2196/13484.

Use and Understanding of Anonymization and De-Identification in the Biomedical Literature: Scoping Review

Raphaël Chevrier  1   2 Vasiliki Foufi  1   2 Christophe Gaudet-Blavignac  1   2 Arnaud Robert  1   2 Christian Lovis  1   2
Affiliations

Use and Understanding of Anonymization and De-Identification in the Biomedical Literature: Scoping Review

Raphaël Chevrier et al. J Med Internet Res. .

Abstract

Background: The secondary use of health data is central to biomedical research in the era of data science and precision medicine. National and international initiatives, such as the Global Open Findable, Accessible, Interoperable, and Reusable (GO FAIR) initiative, are supporting this approach in different ways (eg, making the sharing of research data mandatory or improving the legal and ethical frameworks). Preserving patients' privacy is crucial in this context. De-identification and anonymization are the two most common terms used to refer to the technical approaches that protect privacy and facilitate the secondary use of health data. However, it is difficult to find a consensus on the definitions of the concepts or on the reliability of the techniques used to apply them. A comprehensive review is needed to better understand the domain, its capabilities, its challenges, and the ratio of risk between the data subjects' privacy on one side, and the benefit of scientific advances on the other.

Objective: This work aims at better understanding how the research community comprehends and defines the concepts of de-identification and anonymization. A rich overview should also provide insights into the use and reliability of the methods. Six aspects will be studied: (1) terminology and definitions, (2) backgrounds and places of work of the researchers, (3) reasons for anonymizing or de-identifying health data, (4) limitations of the techniques, (5) legal and ethical aspects, and (6) recommendations of the researchers.

Methods: Based on a scoping review protocol designed a priori, MEDLINE was searched for publications discussing de-identification or anonymization and published between 2007 and 2017. The search was restricted to MEDLINE to focus on the life sciences community. The screening process was performed by two reviewers independently.

Results: After searching 7972 records that matched at least one search term, 135 publications were screened and 60 full-text articles were included. (1) Terminology: Definitions of the terms de-identification and anonymization were provided in less than half of the articles (29/60, 48%). When both terms were used (41/60, 68%), their meanings divided the authors into two equal groups (19/60, 32%, each) with opposed views. The remaining articles (3/60, 5%) were equivocal. (2) Backgrounds and locations: Research groups were based predominantly in North America (31/60, 52%) and in the European Union (22/60, 37%). The authors came from 19 different domains; computer science (91/248, 36.7%), biomedical informatics (47/248, 19.0%), and medicine (38/248, 15.3%) were the most prevalent ones. (3) Purpose: The main reason declared for applying these techniques is to facilitate biomedical research. (4) Limitations: Progress is made on specific techniques but, overall, limitations remain numerous. (5) Legal and ethical aspects: Differences exist between nations in the definitions, approaches, and legal practices. (6) Recommendations: The combination of organizational, legal, ethical, and technical approaches is necessary to protect health data.

Conclusions: Interest is growing for privacy-enhancing techniques in the life sciences community. This interest crosses scientific boundaries, involving primarily computer science, biomedical informatics, and medicine. The variability observed in the use of the terms de-identification and anonymization emphasizes the need for clearer definitions as well as for better education and dissemination of information on the subject. The same observation applies to the methods. Several legislations, such as the American Health Insurance Portability and Accountability Act (HIPAA) and the European General Data Protection Regulation (GDPR), regulate the domain. Using the definitions they provide could help address the variable use of these two concepts in the research community.

Keywords: anonymisation; anonymization; confidentiality; data protection; de-identification; deidentification; privacy; pseudonymization; scoping review; secondary use.

PubMed Disclaimer

Conflict of interest statement

Conflicts of Interest: CL is Editor-in-Chief for JMIR Medical Informatics.

Figures

Figure 1
Figure 1
Architecture and breakdown of the search query with the number of records at each level. [ti]: Title; [tiab]: Title/Abstract.
Figure 2
Figure 2
Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) flow diagram for the scoping review process (ie, screening, eligibility, and inclusion).
Figure 3
Figure 3
Representation of the 60 publications according to the date of publication, the number of articles per year, and the authors’ locations. The size of the discs used on the graph represents each country’s contribution in number of articles over the studied period (10 years). The exact count is shown between brackets next to each country’s name.
See this image and copyright information in PMC

References

    1. Final NIH Statement on Sharing Research Data. Bethesda, MD: National Institutes of Health; 2003. Feb 26, [2019-01-24]. https://grants.nih.gov/grants/guide/notice-files/NOT-OD-03-032.html .
    1. Institute of Medicine (IOM) Sharing Clinical Trial Data: Maximizing Benefits, Minimizing Risk. Washington, DC: The National Academies Press; 2015. - PubMed
    1. Safran C, Bloomrosen M, Hammond WE, Labkoff S, Markel-Fox S, Tang PC, Detmer DE, Expert Panel Toward a national framework for the secondary use of health data: An American Medical Informatics Association White Paper. J Am Med Inform Assoc. 2007;14(1):1–9. doi: 10.1197/jamia.M2273. http://europepmc.org/abstract/MED/17077452 M2273 - DOI - PMC - PubMed
    1. Pisani E, Whitworth J, Zaba B, Abou-Zahr C. Time for fair trade in research data. Lancet. 2010 Feb 27;375(9716):703–705. doi: 10.1016/S0140-6736(09)61486-0.S0140-6736(09)61486-0 - DOI - PubMed
    1. Dukes P, Clement-Stoneham G. Data Sharing Policy. Version 2.2. London, UK: Medical Research Council; 2016. Sep, [2018-02-13]. https://www.mrc.ac.uk/documents/pdf/mrc-data-sharing-policy/

Publication types