Definitions, Implications and advice
Pseudonymization is one of the core techniques to protect health data. It is valid for both GDPR and HIPAA. As such, it is something you should be aware of when you are designing your health application or software.
Pseudonymization involves replacing all personal identifiers in your data with pseudonyms. Importantly, the process is reversible because you keep a seprate list of how the pseudonyms map to the original data. This differs from anonymization, where personal identifiers are completely removed using techniques like generalisation, randomisation and rounding. In general, pseudonymization is complementary to data security methods like encryption.
Pseudonymization is a really good technique when your application needs to share data between users and medical professionals or care providers. It also has benefits when you want to process the medical data, but want to be sure that you are minmising the risk of data loss.
Implementing pseudonymization is extremely simple using the Chino.io API. You pseudonymize your data in just a few minutes and be sure that it has been done in a compliant and secure fashion.
Pseudonymization is a core technique for both GDPR and HIPAA. However, as our infographic below shows, there are significant differences in the legal status of such data. The most important thing to note is that under GDPR, pseudonymous data is still personal data. By contrast, under HIPAA it can be shared (so long as the correct fields are pseudonymized).