A medical-record disclosure is the copy of a health file you release to a third party. UK GDPR Art. 9 and the DPA 2018 give health data extra protection; the ICO Anonymisation Code of Practice sets the de-identification bar. anonym.plus marks the identifiers on your own device, so the health file never reaches the cloud.
When this applies
A request asks for a health file for research or audit. It names the patient and carries the NHS number, dates, and address.
How anonym.plus handles it
- Open the health file in anonym.plus on your device.
- Local OCR reads scanned charts and forms.
- The tool flags names, NHS numbers, dates, and addresses.
- Check the flags and fix any clinical term caught wrongly.
- Swap each identifier for a label, or black it out.
- Save the de-identified file on your machine.
What you need to provide
- The health file (PDF, DOCX, TXT, or scan).
- An operator: Replace keeps the text readable.
- Optional name map if you must re-link later.
PII entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | patient name → [PATIENT] |
| NHS Number | UK_NHS | NHS 943 476 5919 → [NHS_NO] |
| Record IDs | MEDICAL_RECORD_NUMBER | MRN 884213 → [MRN] |
| Dates | DATE_TIME | admitted 03/11 → [DATE] |
| Contact | PHONE_NUMBER | +44 20 7946 0147 → [PHONE] |
| Location | LOCATION | 14 Oak Road → [ADDRESS] |
Compliance achieved
- Removes identifiers for UK GDPR Art. 9 & DPA 2018 de-identification.
- Runs offline, so no data-processor contract is triggered for a cloud vendor.
- Working files are guarded with AES-256-GCM at rest.
- Local OCR reads scanned charts before the check.
Anonymise medical records offline — see plans & start free →
Limitations & cautions
The ICO Code also needs you to have no reason to think the rest could re-identify the patient. The tool removes the identifier types; you still judge rare free-text clues, like a rare illness plus a small town. For those, apply the motivated-intruder test.
Frequently asked questions
Which identifiers must go for health data?
Names, small geographic areas, all dates tied to a person, phone and fax, email, NHS number, MRN, account numbers, vehicle and device IDs, URLs, IPs, biometrics, photos, and other unique codes that could single out the patient.
Does this disclosure need a contract with a processor?
No. The app runs on your own device with no cloud step, so no outside party touches the health data and no data-processor agreement is triggered.
Will the file still read after the swap?
Yes. The Replace operator puts a steady label in place of each identifier, so the clinical text still flows and names no real person.