Multicenter sharing de-identification is the removal of all 18 HIPAA Safe Harbor IDs (45 CFR §164.514(b)) before centres pool their files. anonym.plus does this on your own device, so each contribution arrives without a named patient.
When this applies
Several teams combine files for a joint analysis. Each contribution still holds patient names, dates, and a local record number.
How anonym.plus handles it
- Open one team's file (CSV, XLSX, or PDF) in anonym.plus.
- The tool scans for names, dates, and local record numbers.
- Local OCR reads any scanned source page you add.
- Confirm the flags and align the codes across centres.
- Swap each identifier for a shared, steady token.
- Save each cleaned file locally before you pool them.
What you need to provide
- Each centre file (CSV, XLSX, PDF, or scan).
- An operator: Replace with a shared token scheme.
- Optional: a cross-centre token map held by the lead only.
PHI entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | Ai Tanaka → [SUBJECT_C12] |
| Dates | DATE_TIME | visit 28/04/2026 → [DATE] |
| Local record | MEDICAL_RECORD_NUMBER | centre B MRN 4471 → [LOCAL_ID] |
| Centre | LOCATION | Centre B, Osaka → [CENTRE_B] |
| Investigator | PERSON | Dr. Sato → [INVESTIGATOR] |
| Contact | PHONE_NUMBER | +81 6 5550 0162 → [PHONE] |
Compliance achieved
- Strips all 18 ID classes for HIPAA Safe Harbor (45 CFR §164.514(b)).
- Runs offline, so the tool itself needs no BAA between centres.
- On-device AES-256-GCM guards each working file.
- Handles GDPR Art. 9 health data for EU centres too.
Anonymize multicenter study files offline — see plans & start free →
Limitations & cautions
Pooling raises the re-identification risk, because one centre's rare value can become unique in the combined set. The tool strips the 18 IDs per file. The lead must still check the pooled result for rare combinations before any wider release.
Frequently asked questions
Why is multicenter sharing higher risk?
When centres pool files, a value that is common at one place can be unique across the whole set. So a record safe alone can become identifying once combined. The lead checks the merged data, not just each file.
How do tokens stay consistent across centres?
Each centre applies the same token scheme to the same person. A cross-centre map, held only by the lead, lets the records align without exposing names.
Does this need a BAA between centres?
No. Each centre cleans its own file on its own device before sharing. No named data moves, so the tool itself needs no BAA.