Claims dataset anonymization is the removal of personal data from a bulk extract (CSV, JSON, or a bundle). Once it is truly anonymous, it is no longer personal data under GDPR Recital 26 and falls outside the law. anonym.plus does this on an EU device.
When this applies
Analytics and pricing work often start with a bulk extract of many rows. Sending that to a cloud tool is a disclosure risk. Local work avoids it.
How anonym.plus handles it
- Point anonym.plus at the export folder on your server.
- It scans the ID columns and the free-text fields.
- Steady aliases keep joins across rows intact.
- Turn off the re-link key for true anonymity.
- Review the summary and tune the column rules.
- Save the clean table on your device.
What you need to provide
- The extract as CSV, JSON, or a bundle of files.
- A column map for known ID fields.
- Replace with the re-link key off for full anonymity.
PHI entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | member_name → [MEMBER_n] |
| Member ID | US_HEALTH_PLAN_BENEFICIARY | mbr_id field → [MEMBER_ID_n] |
| Account | ACCOUNT_NUMBER | acct field → [ACCOUNT_n] |
| Dates | DATE_TIME | service_date → shifted [DATE] |
| Address | LOCATION | postal fields → [ADDRESS] |
| Free text | PERSON / LOCATION | inline names → aliases |
Compliance achieved
- True anonymity puts the table outside scope by GDPR Recital 26.
- Strips GDPR Art. 9 health identifiers from the rows.
- On-device work supports EU data residency.
- Keeps row links steady, so the table stays useful for analysis.
Anonymize claims datasets offline — see plans & start free →
Limitations & cautions
True anonymity is a high bar. If you keep a re-link key, the result is pseudonymous, not anonymous, and stays in scope. A rare cost outlier plus a place can re-identify, so weigh the residual risk before you treat the table as anonymous.
Frequently asked questions
Anonymous or pseudonymous — what is the difference?
Pseudonymous output keeps a key that can re-link it, so it stays personal data under GDPR. Anonymous output drops that key for good. Only then does Recital 26 take it out of scope.
Can rows stay linkable after the swap?
Only if you keep an alias map, which makes the result pseudonymous. For true anonymity, turn the map off so no key remains.
Why work locally rather than in the cloud?
Sending raw rows to a cloud tool is itself a disclosure. Local work skips that risk.