Pseudonymization for health applications: GDPR & HPAA

Pseudonymization for health applications

Definitions, Implications and advice


Pseudonymization is one of the core techniques to protect health data. It is valid for both GDPR and HIPAA. As such, it is something you should be aware of when you are designing your health application or software.

What is pseudonymization?

Pseudonymization involves replacing all personal identifiers in your data with pseudonyms. Importantly, the process is reversible because you keep a seprate list of how the pseudonyms map to the original data. This differs from anonymization, where personal identifiers are completely removed using techniques like generalisation, randomisation and rounding. In general, pseudonymization is complementary to data security methods like encryption.

When should I use pseudonymization?

Pseudonymization is a really good technique when your application needs to share data between users and medical professionals or care providers. It also has benefits when you want to process the medical data, but want to be sure that you are minmising the risk of data loss.

How can I implement pseudonymization?

Implementing pseudonymization is extremely simple using the API. You pseudonymize your data in just a few minutes and be sure that it has been done in a compliant and secure fashion.

What else should I know about pseudonymization?

Pseudonymization is a core technique for both GDPR and HIPAA. However, as our infographic below shows, there are significant differences in the legal status of such data. The most important thing to note is that under GDPR, pseudonymous data is still personal data. By contrast, under HIPAA it can be shared (so long as the correct fields are pseudonymized). infographic explains pseudonymization of health data

Still have questions?