-
Medical records are very personal and anonymisation is great in theory but how many long-distance cyclists in Ealing have presented multiple blood clots? I'm going to go with 'not very many' and all of a sudden anonymity is gone and that's assuming it was done correctly in the first place.
hippy-
You're not wrong. Its the main reason why NHS Number is not considered to be anonymous.
Even in normal secondary care datasets, its pretty easy to track down somebody if you know a little bit about them. The example I was given in my Caldicott Guardian training was how easy it was to find somebody from information in a newspaper article using a pseudonymous dataset. From memory it was tracking down a 55 year old man who had lost their leg in a motorcycle accident.
Stonehedge
GDPR is about personal data, which pretty much means personally-identifiable data. And it's aimed at commercial organisations, and very general in most areas. Then anonymisation of bulk data is a complex subject in its own right...