Data Anonymization

De-Identification and Anonymization of Patient Data

De-identification involves removing or recording health information that could identify an individual such as patient identifiers, free text verbatim terms or references to dates. Subsequently, data anonymization involves destroying all links between the de-identified datasets and the original datasets.

data anonymization

Clinical Data Transparency Regulatory Requirements

As of 2016, any Sponsor selling products in the European Union must comply with the European Medicines Agency (EMA) guidance on the anonymization of clinical trial data. Within 60 days of a marketing authorization decision, the Clinical Study Report must be made available in a form that removes any risk of a subject’s identity being breached. The Food & Drug Administration (FDA) similarly requires transparency through the use of de-identified and masked data.

Clinical trial Sponsors must also adhere to the General Data Protection Regulation (GDPR) which looks to harmonize data privacy laws across the European Union.

Patient sensitive data, or any data that could potentially identify a patient, should be redacted.
The transmission of non-CRF data is also of concern under the new directive. This includes data that comes from labs as well as imaging and other devices.

CROS NT offers support for data anonymization compliance starting with patient-level data with a comprehensive process and expert team of statisticians, programmers, medical writers and regulatory professionals.


  • Up to Level 3 data privacy protection (risk of data linking)
  • Pre-validated macros less prone to errors
  • 40% faster turnaround time
  • Controlled process
  • Data format specifications required for EudraCT portal data upload
  • Expert consultancy for data transparency strategy
  • CDISC Gold Member
  • ISO 27001:2014 certified IT partner (Arithmos Information Technology)¬†to manage¬†IT processes and systems