London, 29 June 2018

NHS Digital has signed a contract to deliver a new software solution for the de-identification[3] of patient information, which will help to improve the way that data is used across the NHS and social care.

De-identification is the process used to prevent a person’s identity from being connected with their information.

The new de-identification process (known as De-ID) will protect patient privacy by de-identifying a person’s records in a consistent way. This will mean that when the right legal basis, controls and safeguards are in place, data can be linked across different care settings and geographic boundaries. This will help to improve health and care services through research and planning, and ultimately lead to better individual care.

NHS Digital will deliver De-ID in partnership with privacy engineering company Privitar, who were chosen following a rigorous tendering process.

NHS Digital’s Executive Director of Data, Insights and Statistics Tom Denwood said: “The health and care landscape is rapidly changing, and we can improve individual patient care if our systems can deliver a complete picture of their health and care. Although we already use various ways of de-identifying data across the NHS, the difference with De-ID is that it provides one, consistent way of doing this.

“So instead of each individual NHS team managing their own de-identification processes, De-ID provides an automated and standardised way of removing the identifying values in a patient record across all data collections, allowing data to be linked across different care settings.

“It’s not only more efficient; enabling us to safely produce useful data for research and analysis, but it’s also transparent, so we can improve tracking and auditing of how data is used across the system.

“After a rigorous tender process, we chose to work with Privitar because of their commercial and industry experience, as well as their strong ethical values. We’re very much looking forward to together leading the protection of patient data.”

CEO of Privitar Jason du Preez said: “Privitar specialises in privacy engineering software that enables organisations to provide data for advanced analytics and data science with respect for individual privacy and compliance with regulation.

“Our business was borne out of a realisation that the effective use of data can improve our lives in so many ways, but that this must be done with rigor and respect for individuals to ensure a sustained, high-quality flow of information into the data ecosystem.”

Privitar licenses software products that employ leading privacy enhancing techniques. It does not handle or process any personal data as part of its client work.

For further information please contact:

For NHS Digital-related media enquiries please contact or telephone 0300 30 33 888

  1.  NHS Digital is the national information and technology provider for the health and care system. Our team of information analysis, technology and project management experts create, deliver and manage the crucial digital systems, services, products and standards upon which health and care professionals and citizens depend. During the 2017/18 financial year, NHS Digital published 275 statistical reports. Our vision is to harness the power of information and technology to make health and care better. Find out more about our role and remit at
  2. Privitar is a privacy engineering company that enables organisations to use, share and derive insight from data safely. Privitar provides data-privacy software for organisations seeking to improve services and experiences through the use of advanced analytics and data science, helping engineer privacy-preserving data operations that protect sensitive information while retaining data utility. Founded in 2014, Privitar has a global client-base across Europe, North America and Asia. For more information please visit
  3. This is information that does not identify an individual, because identifiers have been removed or encrypted. However, the information is still about an individual person and so needs to be handled with care. There are strict safeguards on how de-personalised information can be used and therefore a greater level of control needed.