Allergy-record anonymization is the removal of personal data from allergy and reaction files, which are health data under GDPR Art. 9. anonym.plus does this on your device and keeps the trigger, reaction, and severity for safety work.
When this applies
Safety registries lean on true trigger and reaction data, but the file names the patient and the reporter. Make it anonymous and you can pool safety signals with no personal data.
How anonym.plus handles it
- Load the file into anonym.plus on a local device.
- It finds patient and reporter IDs.
- The trigger and severity fields stay.
- Swap IDs with the map off for true anonymity.
- Save the anonymous file on your device.
What you need to provide
- The allergy or reaction file (DOCX, PDF, or export).
- Replace with the map off for anonymity.
- Optional EU-language setting.
PHI entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | patient name → [PATIENT] |
| Names | PERSON | reporting clinician → [REPORTER] |
| Dates | DATE_TIME | reaction date → [DATE] |
| Contact | PHONE_NUMBER | callback no. → [PHONE] |
| Identifiers | NATIONAL_ID | patient ID → [ID] |
| Location | LOCATION | clinic → [CLINIC] |
Compliance achieved
- Strips GDPR Art. 9 health IDs from the file.
- Keeps trigger and severity detail for safety work.
- On-device work supports EU data residency.
Anonymize allergy records offline — see plans & start free →
Limitations & cautions
The trigger and reaction stay and are not usually identifying. But a very rare allergy plus a place could add to re-identification. Turn off any re-link key and weigh the residual risk for true anonymity.
Frequently asked questions
Is the trigger data removed?
No. The trigger, reaction, and severity stay. Only personal IDs like patient and reporter names go.
Why is this data special under GDPR?
It is health data under Art. 9, so it needs a legal basis to use. Making it anonymous drops that need for second uses.
Can I pool anonymous allergy files?
Yes. Once anonymous, the files can be pooled for safety signals with no GDPR consent limits.