Skip to content
SPECTRE-HD

Blackbar

For technical documentation, please visit the Blackbar website.

Data-driven technologies can lead to new applications for medicine and healthcare practice, fueled by the massive stores of unstructured data in hospital silos.[^optimism] However, for those outside the field, it’s easy to overlook some of the hurdles involved in moving these innovations from theory into clinical use.

Chief among these hurdles is patient privacy. Free-form text in Electronic Health Records (EHR) provides invaluable insights into patient backgrounds, disease progression, and treatments. Yet, this same unstructured nature — which frequently intertwines clinical details with personally identifiable information (PII) — restricts researcher’s and innovator’s ability to access and leverage the data at scale.

alt text

Safeguards like pseudonymization are key to mitigating privacy concerns and strengthening trust in healthcare data practices among stakeholders, ensuring that these technologies can be used responsibly and effectively.

At the same time, hospitals must be able to leverage pseudonymized clinical data across multiple scenarios — whether in a research context, for proof-of-value initiatives, or through APIs that integrate AI-driven functionalities into clinical workflows and software.

Blackbar delivers a comprehensive, end-to-end solution that meets these requirements.

Pseudonymization

Section titled “Pseudonymization”

🛡️ Pseudonymisation can reduce the risks to the data subjects by preventing the attribution of personal data to natural persons in the course of the processing of the data, and in the event of unauthorised access or use.

🔔 Pseudonymised data, which could be attributed to a natural person by the use of additional information, is still to be considered personal data, even if the pseudonymous data and additional information are not in the hands of the same person.

📌 Controllers need to
🔹 modify or transform the data
🔹 keep additional information for attributing the personal data to a specific data subject separately
🔹 apply technical and organisational measures to ensure personal data are not being attributed

Pseudonymisation can help reduce risks of confidentiality, function creep or accuracy, facilitate data analysis, support data minimalisation and transfers to third parties/third countries.[^van_roijen2025]

Function creep occurs when data that was initially gathered for a specific, limited purpose begins to be used for additional, unintended purposes—often without the informed consent of those whom the data concerns. In the context of healthcare, this might happen if patient information collected for treatment or research is later repurposed in ways patients or regulators did not anticipate (for instance, for marketing or broader analytics unconnected to the original care objectives). Pseudonymization helps mitigate this risk because it reduces the possibility of re-identifying individuals or misusing their data for functions beyond the originally stated intent.

Function creep and accuracy refer to two separate but related risks when reusing personal data:

  1. Function Creep
    • Data gathered for one purpose might be quietly repurposed for another, unintended use (e.g., marketing or profiling) without new consent. This “creep” violates privacy expectations and can undermine trust.
  2. Accuracy
    • Repeatedly repurposing or combining data from multiple sources can introduce errors, incorrect linkages, or mismatched records. Over time, these inaccuracies can accumulate, reducing the overall reliability of the dataset.

By pseudonymizing data, organizations can mitigate both risks. They limit the ability to repurpose data for extraneous functions (function creep) and maintain more careful controls over how the data is combined or shared—thereby preserving accuracy.