Case Study: De-Identification Framework


A provincial government service is developing an online portal providing de-identified (anonymized) healthcare information to healthcare providers, researchers, and public health personnel. Previously, de-identification of healthcare information disclosed for secondary purposes such as research had been performed by a number of different work groups using different standards, methods, and technologies. With the development of the portal, it had become impossible to ignore the need for a unified de-identification solution. Ki Consulting was retained to design a unified business and technical framework for the adoption of an off-the-shelf de-identification software program.


Ki Consulting assessed the de-identification service’s governance, de-identification standards, technological capacities, and service model, and designed business and technical architecture, along with an implementation roadmap, for an effective de-identification process.

The business architecture provided by Ki Consulting laid out the goals and constraints of the de-identification service, the needs of its internal and external clients, and its business function model for service delivery. Based on this understanding of the service, Ki Consulting offered recommendations for improved policies and procedures related to information use, de-identification, and disclosure. A key recommendation was the adoption of a risk-based de-identification process, in which data de-identification and disclosure practices are based on objective measures of re-identification risk.

The technical architecture provided by Ki Consulting outlined the specific requirements, from software functions down to response times, for a de-identification application suited to the client’s needs. These requirements were used to tailor the off-the-shelf software to the client’s existing technical environment.


  1. A streamlined and automated de-identification solution designed to fit the client’s existing business model and technical environment
  2. More consistent governance and standards, improved monitoring practices, and increased compliance with privacy legislation
  3. Risk-based de-identification that preserves the utility of the data while minimizing threats to privacy
  4. More efficient, user-friendly, and better organized client services

Ki Consulting’s proposal received approval to proceed to procurement, and the program was recently adopted as a top priority of the provincial health ministry.