Claims dataset anonymisation is the removal of personal data from a bulk extract (CSV, JSON, or a bundle). Once truly anonymous, it is no longer personal data under UK GDPR Recital 26 and leaves scope. anonym.plus does this on your own device.
When this applies
Analytics and pricing work often start with a bulk extract of many rows. Sending that to a cloud tool is a disclosure risk. Local work avoids it.
How anonym.plus handles it
- Point anonym.plus at the export folder on your server.
- It scans the ID columns and the free-text fields.
- Steady aliases keep joins across rows intact.
- Turn off the re-link key for true anonymity.
- Review the summary and tune the column rules.
- Save the clean table on your device.
What you need to provide
- The extract as CSV, JSON, or a bundle of files.
- A column map for known ID fields.
- Replace with the re-link key off for full anonymity.
Patient data entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | member_name → [MEMBER_n] |
| Member ID | UK_HEALTH_INSURANCE_MEMBER | mbr_id field → [MEMBER_ID_n] |
| Account | ACCOUNT_NUMBER | acct field → [ACCOUNT_n] |
| Dates | DATE_TIME | service_date → shifted [DATE] |
| Address | LOCATION | postal fields → [ADDRESS] |
| Free text | PERSON / LOCATION | inline names → aliases |
Compliance achieved
- True anonymity puts the table outside scope by UK GDPR Recital 26.
- Strips UK GDPR Art. 9 health identifiers from the rows.
- On-device work supports UK data residency.
- Keeps row links steady, so the table stays useful for analysis.
Anonymise claims datasets offline — see plans & start free →
Limitations & cautions
True anonymity is a high bar under the ICO motivated-intruder test. If you keep a re-link key, the result is pseudonymous, not anonymous, and stays in scope. A rare cost outlier plus a postcode can re-identify, so weigh the residual risk before treating the table as anonymous.
Frequently asked questions
Anonymous or pseudonymous — what is the difference?
Pseudonymous output keeps a key that can re-link it, so it stays personal data under UK GDPR. Anonymous output drops that key for good. Only then does Recital 26 take it out of scope.
Can rows stay linkable after the swap?
Only if you keep an alias map, which makes the result pseudonymous. For true anonymity, turn the map off so no key remains.
Why work locally rather than in the cloud?
Sending raw rows to a cloud tool is itself a disclosure. Local work skips that risk.