The Project

Making data safe for AI: understanding anonymization in healthcare

In the age of AI, data is power, but it must be handled with care. Especially in healthcare, protecting patient privacy is not just a legal necessity, but a foundation of trust between institutions and the people they care for.

Anonymization means removing information that could identify a person, like names, addresses, or even combinations of data points that, when linked together, can reveal someone's identity. For example, while a rare medical condition, a patient's geographic location, or their exact age might not be identified on their own, combining them could narrow down the possibilities enough to point to a specific individual. This is why anonymization focuses not only on individual identifiers, but also on how different pieces of information might interact to re-identify someone.

There is always a tradeoff when it comes to anonymization: the more data is stripped of personal details to protect privacy, the less informative it may become. This loss of detail can limit its value for research and the training of AI models. Reducing this tension involves transforming data in thoughtful ways: hiding direct identifiers, generalizing specific values into broader categories, or replacing personal details with codes that cannot be traced back. In cases where data is too specific to be safely anonymized, it may be removed entirely. 

To assess how well these techniques work, researchers apply privacy metrics that estimate the risk of re-identifying someone within a dataset. Some methods aim to make individuals indistinguishable from others, while others introduce controlled randomness to make reverse identification nearly impossible. These approaches help ensure that data remains both useful and safe.

Medical imaging brings its own challenges. Beyond the metadata often embedded in formats like DICOM, the images themselves can contain identifying features. For instance, head or facial scans may reveal enough anatomical detail to make someone recognizable. That’s why anonymizing imaging data requires additional safeguards: cleaning metadata, applying image-processing techniques to blur or remove facial features, and carefully considering which parts of the body are visible in the scan. The goal is always to protect identity without compromising the clinical value of the image.

Anonymization is not a one-size-fits-all solution. It’s a delicate process that enables responsible use of health data. When done well, it supports progress in data-driven healthcare while maintaining the privacy and trust of every individual behind the data.

Alice Andalò - IRST IRCCS